Report: Russian cybercriminals have stolen 1.2 billion usernames and passwords, 500 million email addresses

Report: Russian cybercriminals have stolen 1.2 billion usernames and passwords, 500 million email addresses
U.S.-based security firm Hold Security has claimed today that a group of Russian cybercriminals have been quietly stealing and accumulating the most Internet login credentials in the history of the world.

In total, 1.2 billion username and password combinations have been stolen, in addition to 500 million email addresses.



Hold Security founder Alex Holden says the data was stolen from 42,000 sites across the Web, with no specific agenda. "Hackers did not just target US companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites," Holden noted. "And most of these sites are still vulnerable."

If accurate, the thefts would make last year's Target security breach look like child's play, where about 60 million credit and debit card numbers were stolen over the course of a few months.

Holden says the Russian outfit is about a dozen young hackers who first bought stolen data off underground markets and then began working with another group to aim bigger. "There is a division of labor within the gang," Holden added. "Some are writing the programming, some are stealing the data. It's like you would imagine a small company; everyone is trying to make a living."

Source:
NYT

Written by: Andre Yoskowitz @ 5 Aug 2014 20:34
Tags
Hackers Russia Hold Security
Advertisement - News comments available below the ad
  • 2 comments

  • Clam_Up

    Two points:

    1. Sites that demand passwords follow a specified template, i.e. your password must have 3 letters, a number and a symbol, are making hacking faster and easier, not slower and harder. Admins who think they're being trendy by forcing their members to follow clearly specified templates are not helping security at all.

    2. The accounts of basic members are not the targets of hackers; at least not the sophisticated ones anyway. The accounts they're after are the ones worth accessing: the admin accounts. It makes no difference how the average Joe jumbles up their passwords. If the admin account isn't the most secure account on the site, forget security for everyone else.

    Ignorance en masse is still ignorance.

    5.8.2014 20:56 #1

  • DarkJello

    So a security site selling me identity theft protection is reporting my identity is at risk of being stolen. Any one not trying to make money off of me reporting this?

    6.8.2014 16:16 #2

© 2024 AfterDawn Oy

Hosted by
Powered by UpCloud