Almost 300 million account logins and passwords belonging to Gmail, Hotmail and Yahoo Mail users are being freely traded among Russia's criminal underworld, according to news wire Reuters.
It cites Alex Holden, founder and chief information security officer of Hold Security - and the man who last year uncovered the largest data breach to date - that the details of 272.3 million stolen accounts are being traded.
But Russians, rather than rich Americans or Europeans are the prime targets. Russia's own Mail.ru email service accounts for the majority of hacked accounts at 57 million, but a large number also belong to Gmail, Hotmail and Yahoo Mail users.
Yahoo Mail credentials totaled 40 million, or 15 per cent of the haul, Hotmail accounted for 33 million, or 12 per cent, while 24 million, or nine per cent, belonged to Gmail account holder.
It wasn't just email accounts that were targeted, according to the report, with Holden also discovering thousands of other stolen username and password combinations that appear to belong to employees of some of the largest US banking, manufacturing and retail companies.
Holden stumbled on the discovery after he saw a young Russian hacker - since nicknamed "The Collector" - bragging about the information haul in an online forum. He was asking for just 50 rubles – less than $1 – for the lot, but Holden was given the information for free after he said he'd big up the hacker online.
"This information is potent. It is floating around in the underground and this person has shown he's willing to give the data away to people who are nice to him," said Holden. "These credentials can be abused multiple times," he said.
Mail.ru spokeswoman Madina Tayupova told Reuters: "We are now checking whether any combinations of usernames/passwords match users' emails and are still active.
"As soon as we have enough information we will warn the users who might have been affected," she said, adding that Mail.ru's initial checks found no live combinations of usernames and passwords that match existing emails.
A Microsoft spokesman said: "Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access."
Google and Yahoo are yet to comment. We'll update this article when we hear more.
Ultra-high-end all-in-one PCs from HP feature either 24-inch or 27-inch displays
Roomba 'smart' vacuum cleaner company iRobot plans to sell maps of users' homes to Apple, Amazon and Google
'Smart' products spying on their owners and selling the data for profit? Who'd have thought it!
TNT Express still struggling with NotPetya malware - crucial documents remain locked up in borked systems as staff grapple with manual procedures
TNT depots over-flowing with parcels as the company struggles to recover from NotPetya - while Reckitt Benckiser reports 'ongoing' recovery
Full roll-out of Android O expected within weeks