• Sponsors

  • Unknown, Unnamed Russian Hackers Steal 1.2 Billion Usernames and Passwords

    A private security company said it appears Russian hackers have obtained a massive 1.2 billion usernames and passwords as members trolled the Internet targeting users.

    According to Hold Security, it appears the hackers have a significant number of unique email addresses of over half a billion people.

    The newly founded Milwaukee firm has yet to name the hackers or the victims or how the information was obtained. It does offer, for a free, “breach notification services” for website administrators so they can see if they’ve been affected and keep an eye on potential threats.

    Alex Holden, Hold Security founder and chief information security officer, said he won’t reveal the hackers’ location or names should law enforcement be investigating the breach.

    Holden said Hold Security does charge fees to recover costs of validating website ownership. The charge is also to prove website owners that the company is “the good guy”, which is often a thankless job.

    Security companies will generally get the hacker information by doing one of two things:

    • Getting into secret forums and purchasing samples of pilfered information to find out who’s been affected.
    • Get access to the server of the cybercriminal.

    According to security experts, this is an impressive collection of both usernames and passwords that allows cybercriminals to use the web credentials for use later on. Experts said consumers are at risk from these breaches, especially if the information is used on more than one website. For example, hackers obtained customer credentials from Adobe last year. Facebook found out later on that some of their users had used the same username and password combination for their accounts on the popular social media website.

    Gartner security analyst Avivah Litan said it doesn’t matter where the passwords came from, from which websites. Litan said the kind of theft Hold Security has noted has been ongoing for quite somet time and numerous records have been affected.

    Hold Security said the hackers struck nearly 420,000 web addresses from both small and large websites. The affected website list includes companies from nearly every industry along with some personal websites.

    The findings revealed the criminals are, so far, using the information to just send spam to people’s social media accounts.
  • Sponsored Links