“There were official statements from the companies that perpetrators received the passwords via fishing and virus attacks. But in order to assemble such a quantity of passwords by the largest botnets (a network of virus-containing computers), it takes at least a year or two,” Kovyrshin said.
“Since the released passwords are mostly simple, it could mean a theft of a deciphered password base with the simplest of them to be decoded. It’s still unclear how the base got into the hands of perpetrators, but it could be either an interior leakage or a use of vulnerable software,” he said.
On Monday, Internet edition HabraHabr reported that a list of more than 1 million passwords of Yandex e-mail users leaked. Mail.ru faced a disclosure of 4.7 million passwords.
Google discovered that 5 million passwords and logins from its e-mail service Gmail had leaked out as well.