
1 Billion Passwords Stolen

WHAT HAPPENED
A Russian crime ring has accumulated over 1 billion Internet credentials, The New York Times is reporting [1]. The hacking ring, apparently based in a small city in south-central Russia, is said to have 1.2 billion stolen usernames and passwords, including access to 500 million email addresses.

The discovery was made by Hold Security, a Milwaukee firm specializing in Internet security and discovering significant hacks. According to Hold Security, the stolen information was gathered from more than 420,000 websites [2].

 

HOW
According to Hold Security, the attackers used a botnet to hunt for sites vulnerable to SQL injection hacks [3]. They compromised roughly 420,000 websites and lifted 4.5 billion username-password combinations in all; after eliminating duplicates, the number drops down to a no-less-impressive 1.2 billion unique login combos. Hold Security has not released the names of the victim sites.

 

IS THIS THE FIRST TIME?
"Today, we have learned of a huge issue where it seems like billion passwords were stolen overnight," said John Prisco, CEO of Triumfant, "but in reality... crime rings have been stealing information for years" [3].

 

IMPACT SO FAR
So far, the stolen information does not appear to have been sold. Most of the accounts have been used to deliver marketing schemes and other viral messages [3].

 

COUNTER MEASURES
1. Online users are strongly urged to take this breach seriously and change the passwords on their online accounts.

2. Online vendors need to seriously consider implementing two-factor authentication.

3. Business organizations, large and small, need to check their websites and related platforms for malware. Furthermore, organizations are better off hiring professional penetration testers to improve their cybersecurity.

 

References

[1] http://www.nytimes.com/2014/08/06/technology/russian-gang-said-to-amass-more-than-a-billion-stolen-internet-credentials.html?_r=0

[2] https://www.yahoo.com/tech/russian-hackers-have-stolen-over-1-billion-usernames-93907045969.html

[3] http://www.darkreading.com/biggest-cache-of-stolen-creds-ever-includes-12-billion-unique-logins/d/d-id/1297811

[4] http://hackread.com/russian-hackers-steal-usernames-and-passwords/