Billions of Passwords Stolen-They got you!

Published On August 6, 2014 | By Tom Huskerson | Alerts, News and Analysis
ID-10096463

Courtey of digitalart

A Russian criminal gang has stolen 1.2 billion passwords and user names and 500 million email addresses.  According to Milwaukee based security firm, Hold Security, the passwords were stolen from over 400,000 businesses and personal websites. In comparison the breach of Target stores last year compromised only 40 million names. The websites include smaller businesses and stores as well as many larger businesses. Hold Security founder Alex Holden stated that many of the larger businesses are “household names.”

The group that carried out the theft is known as “CyberVor” or cyber thief in Russian. The group is suspected of being located in a small city in south central Russia. According to the New York Times the group is made up of less than a dozen young men who are close personally, not just virtually. Their computer servers are also thought to be in Russia.

The New York Times, enlisted the help of an outside security expert who, after analyzing the database of stolen credentials, confirmed it’s authenticity. A second cyber crime expert also reviewed the data. This expert is not permitted to publicly elaborate  on the theft but said major companies were compromised and are aware their records have been stolen. 

“Hackers did not just target U.S. companies, they targeted any website they could get ranging from Fortune 500 companies to very small websites. And most of these sites are still vulnerable.”” said Holden. 

According to Holden the gang makes money by emailing spam for  phony miracle weight loss products. “It’s really not that impactful to the individuals, and that’s why they were under the radar for so long,” Holden said. “They’ve ignored financial information almost completely.”

The ability of the criminals to collect so many passwords is indicative of the weak security of many websites regardless of size.

Holden pointed out that the stolen passwords may not have come from hacking but from the criminals buying user names and passwords on the black market. The huge number of stolen credentials multiplied this year because of  automated programs that travel the Internet looking for vulnerable websites. 

Many experts agree that the sale of the information on the black market could be very lucrative. Although credit cards are easily canceled personal information such as email addresses, Social Security numbers or password could potentially be used for identity theft. Many people have a habit of using the same passwords on multiple sites. Because of this habit criminals can test stolen credentials on websites where valuable information may be vulnerable. This includes banks and brokerage firms.

Hold Security has refused to release the names of the websites affected because of confidentiality agreements.

Breaking It Down

We’ve seen this before. Again and again hackers have stolen information from websites and again and again the consumer is left in the dark. No one is saying what websites are affected except to say they are “household names.” So lets do some math; 1.2 billion user names and passwords are stolen. Over 400,000 websites are compromised. More than 500 million email addresses are collected. The answer is simple; they got you! If you read this and do not immediately change all your passwords you’re either stupid or just don’t care. You need to be aware that many personal websites were also compromised. That includes your Facebook page, LinkedIn and many others. I have encouraged black people to use powerful pass phrases. I continue to do that. I have told you before to regularly change your pass phrases; at least every six months. Yeah, I know its a hassle. So if it bothers you that much then use a password manager. You can find them on Apple App store and Google Play. Many are free so whats your excuse? Use them! All those user names and passwords are going to be sold. And now that the word is out they will be sold soon, before they lose their value. See, although the Russian gang may not be interested in financial information, others that buy these passwords are looking to get into bank accounts, your bank account.  All African-Americans need to act on this information immediately. Why? Because we have a bad habit of being the last to know and the last to act. Yeah I said it! We need to be more pro-active and stop dragging our feet. Get busy and change your passwords to pass phrases. Don’t wait.

For more information please see;

Washington Post – Russian Hackers Amass  Over a Billion Internet Passwords

CNET – Hackers Nab 1.2 Billion Passwords in Colossal Breach, Says Security Firm

CNBC – Russian Gang Said to Amass More Than a Billion Stolen Internet Credentials

 

Like this Article? Share it!

About The Author

Tom Huskerson Bio Born in Richmond Virginia Tom Huskerson is a military veteran who settled in California after his discharge. Tom attended Santa Barbara City College where he began his writing career as a campus reporter. He worked as an intern news reporter for the Santa Barbara News-Press writing feature stories before moving on to San Francisco. At San Francisco State University Tom studied broadcast communications and began to focus on the Internet. He completed his graduate thesis on Internet advertising. Tom was the first student to ever focus on the Internet as a graduate student at San Francisco State University. After graduation he went to work for Zona Research in California’s Silicone Valley. As a research associate Tom supported senior analyst writing on the latest developments in the Internet industry. During the dot com boom Tom worked for several web businesses as a market researcher and analyst. As a writer and researcher Tom has authored various technical works including a training program for Charles Schwab security. Other projects included professional presentations on workplace violence and hiring security contractors. Tom has also written both fiction and non-fiction works and blogging for a travel website. He has published two books of short stories and completed two novels. Tom is the owner of Scribe of Life Literature and EbonyCandle.com. Tom is not the chief editor for the OnTechStreet. com. A news and information blog that focuses on tech news for African-Americans. The blog is the result of his desire to inform the African American community of the dangers and benefits of the cyber age. In his blog Tom reports on information security, new and analysis, scams and hoaxes, legal happenings and various topics that arise from the age of information. Tom believes that technology is a necessary tool for black people and they should know what is happening. Tom writes believing that techno speak is for the professional and that valuable information can be communicated using plain language. As a result he has embraced the motto, Less Tech, More Knowledge.

Related Post

World Password Day
FBI Hooks up with ‘Have I Been Pwned’
Breach Brief – Facebook, Instagram, LinkedIn
Breach Brief – TikTok, Instagram, YouTube

Comments are closed.