MANILA, Philippines – Millions of Yahoo, Microsoft, and Google accounts are part of a trove of 272.3 million stolen accounts being traded in the Russian underworld, according to a new report from Reuters.
Alex Holden, founder of Hold Security, noted that while the majority of compromised accounts were from Russian email service Mail.ru, smaller fractions of the affected accounts were from the 3 big email providers.
Hold Security’s discovery came after researchers found a young Russian hacker bragging in an online forum about stolen credentials totalling around 1.17 billion records.
After eliminating duplicates, the trove of information had 57 million Mail.ru accounts – a big chunk of its 64 million monthly active users.
Holden said that Yahoo Mail account credentials accounted for 40 million, or 15%, of the 272 million unique IDs discovered. Microsoft’s Hotmail accounts numbered 33 million, or 12%. Meanwhile, 24 million – around 9% – were Gmail accounts.
Hundreds of thousands of accounts at German and Chinese email providers were included as well.
There were also thousands of stolen username-and-password combinations appearing to be from employees of US banking, manufacturing, and retail companies.
The hacker asked for only 50 rubles – approximately $1 – for the information, but gave it to Hold Security for free after the firm’s researchers promised to post favorably about him on hacking forums.
“This information is potent,” Holden explained. “It is floating around in the underground and this person has shown he’s willing to give the data away to people who are nice to him.”
Holden added, “These credentials can be abused multiple times.”
If you feel you may have been affected by the hack, it would be a good idea to change your email’s password to a strong, alphanumeric combination that is unique to that account.
You may also want to enable two-factor authentication on your account to better secure it. – Rappler.com