Courtesy of digitalart
A Russian criminal gang has stolen 1.2 billion passwords and user names and 500 million email addresses. According to Milwaukee-based security firm Hold Security, the passwords were stolen from over 400,000 businesses and personal websites. In comparison, the breach of Target stores last year compromised only 40 million names. The websites include smaller businesses and stores as well as many larger businesses. Hold Security founder Alex Holden stated that many of the larger businesses are “household names.”
The group that carried out the theft is known as “CyberVor,” or cyber thief in Russian. The group is suspected of being located in a small city in south central Russia. According to the New York Times, the group is made up of fewer than a dozen young men who are close personally, not just virtually. Their computer servers are also thought to be in Russia.
The New York Times enlisted the help of an outside security expert who, after analyzing the database of stolen credentials, confirmed its authenticity. A second cyber crime expert also reviewed the data. This expert is not permitted to publicly elaborate on the theft but said major companies were compromised and are aware their records have been stolen.
“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites. And most of these sites are still vulnerable,” said Holden.
According to Holden, the gang makes money by emailing spam for phony miracle weight loss products. “It’s really not that impactful to the individuals, and that’s why they were under the radar for so long,” Holden said. “They’ve ignored financial information almost completely.”
The ability of the criminals to collect so many passwords is indicative of the weak security of many websites regardless of size.
Holden pointed out that the stolen passwords may not have come from hacking but from the criminals buying user names and passwords on the black market. The huge number of stolen credentials multiplied this year because of automated programs that travel the Internet looking for vulnerable websites.
Many experts agree that the sale of the information on the black market could be very lucrative. Although credit cards are easily canceled, personal information such as email addresses, Social Security numbers or passwords could potentially be used for identity theft. Many people have a habit of using the same passwords on multiple sites. Because of this habit, criminals can test stolen credentials on websites where valuable information may be vulnerable. This includes banks and brokerage firms.
Hold Security has refused to release the names of the websites affected because of confidentiality agreements.
Breaking It Down
We’ve seen this before. Again and again hackers have stolen information from websites, and again and again the consumer is left in the dark. No one is saying what websites are affected except to say they are “household names.” So let’s do some math: 1.2 billion user names and passwords are stolen. Over 400,000 websites are compromised. More than 500 million email addresses are collected. The answer is simple: they got you! If you read this and do not immediately change all your passwords, you’re either stupid or just don’t care. You need to be aware that many personal websites were also compromised. That includes your Facebook page, LinkedIn and many others. I have encouraged black people to use powerful pass phrases. I continue to do that. I have told you before to regularly change your pass phrases, at least every six months. Yeah, I know it’s a hassle. So if it bothers you that much, then use a password manager. You can find them on the Apple App Store and Google Play. Many are free, so what’s your excuse? Use them! All those user names and passwords are going to be sold. And now that the word is out, they will be sold soon, before they lose their value. See, although the Russian gang may not be interested in financial information, others that buy these passwords are looking to get into bank accounts, your bank account. All African-Americans need to act on this information immediately. Why? Because we have a bad habit of being the last to know and the last to act. Yeah, I said it! We need to be more proactive and stop dragging our feet. Get busy and change your passwords to pass phrases. Don’t wait.
For more information please see:
Washington Post – Russian Hackers Amass Over a Billion Internet Passwords
CNET – Hackers Nab 1.2 Billion Passwords in Colossal Breach, Says Security Firm
CNBC – Russian Gang Said to Amass More Than a Billion Stolen Internet Credentials