Almost 300 million account logins and passwords belonging to Gmail, Hotmail and Yahoo Mail users are being freely traded among Russia's criminal underworld, according to news wire Reuters.
It cites Alex Holden, founder and chief information security officer of Hold Security - and the man who last year uncovered the largest data breach to date - that the details of 272.3 million stolen accounts are being traded.
But Russians, rather than rich Americans or Europeans are the prime targets. Russia's own Mail.ru email service accounts for the majority of hacked accounts at 57 million, but a large number also belong to Gmail, Hotmail and Yahoo Mail users.
Yahoo Mail credentials totaled 40 million, or 15 per cent of the haul, Hotmail accounted for 33 million, or 12 per cent, while 24 million, or nine per cent, belonged to Gmail account holder.
It wasn't just email accounts that were targeted, according to the report, with Holden also discovering thousands of other stolen username and password combinations that appear to belong to employees of some of the largest US banking, manufacturing and retail companies.
Holden stumbled on the discovery after he saw a young Russian hacker - since nicknamed "The Collector" - bragging about the information haul in an online forum. He was asking for just 50 rubles – less than $1 – for the lot, but Holden was given the information for free after he said he'd big up the hacker online.
"This information is potent. It is floating around in the underground and this person has shown he's willing to give the data away to people who are nice to him," said Holden. "These credentials can be abused multiple times," he said.
Mail.ru spokeswoman Madina Tayupova told Reuters: "We are now checking whether any combinations of usernames/passwords match users' emails and are still active.
"As soon as we have enough information we will warn the users who might have been affected," she said, adding that Mail.ru's initial checks found no live combinations of usernames and passwords that match existing emails.
A Microsoft spokesman said: "Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access."
Google and Yahoo are yet to comment. We'll update this article when we hear more.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago