Russian Cyber Thugs Swipe 1.2 Billion Passwords
Sweeping password changes might not be a bad idea
Quote
Well now, this is disturbing -- it's being reported that a Russian crime ring is in possession of around 1.2 billion stolen Internet credentials, which is the biggest collection of its kind. That includes user names and password combinations, along with more than 500 million email addresses collected from 420,000 websites. With that in mind, now might be a good time to change up your passwords for your more important accounts.
Hold Security, a firm in Milwaukee, discovered the existence of such a large collection of stolen credentials, The New York Times reports. The firm has a history of uncovering serious security breaches, including last year's theft of tens of millions of records from Adobe Systems.
In this case, a list of websites where the stolen credentials came from hasn't been released, though it includes both popular and smaller size portals, NYT says. Hold Security is reluctant to call out the names of sites that remain vulnerable, though NYT says a security analyst not affiliated with the firm reviewed the database and confirmed it was authentic.
"Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites," said Alex Holden, the founder and chief information security officer of Hold Security. "And most of these sites are still vulnerable."
The Russian gang consists of a hacking ring of less than a dozen individuals in their 20s living in a small city in south central Russia.