Data Hack: A Russian Gang Just Stole Over A Billion Passwords

A Russian criminal gang has successfully carried out the world's largest data breach, amassing over a billion usernames and passwords as well as over 500 million email addresses.

Hold Security, a firm in Milwaukee, discovered the data breach after successfully identifying the massive Adobe breach just a few months earlier.

First reported by the New York Times, this is the single largest breach of its kind and affects a huge variety of websites, from well-known brands to personal sites and blogs.

Hold Security is refusing to name the companies affected, citing non-disclosure agreements, with Hold Security's founder Alex Holden adding, “And most of these sites are still vulnerable.”

With over a billion 'keys' into people's website accounts, the gang has a potential goldmine of information, but according to the New York Times it only appears to be using the information to spam people on behalf of other groups and then collect the fees.

The last big breach took place last year, when tens of millions of usernames and passwords were stolen from Adobe.

Since then there have been several other major incidents including the theft of 40 million credit card details from Target and the loss of 200 million personal records after an identity theft organisation was able to hack into Court Ventures, a company now owned by Experian.

Security experts have started calling for stricter security measures online following a spate of leaks and hacks, culminating in the Heartbleed incident, which revealed a massive flaw in OpenSSL, a piece of software that was the foundation of most secure websites.

Gavin Millard, a technical director for Tenable Network Security, has called for the public to start rethinking how they secure themselves online.

"Don't change your password in response to this, change your password habits by using a password manager which will enable you to have individual password per site you use, thus limiting the impact of any attack of this nature in the future."

Brian Spector at security firm CertiVox said that the hack exposed "inherent" weaknesses in the internet.

"The impact of what is clearly a very large attack will be felt widely by both industry and the consumer, and can be expected to cause an uptick in spam communications on email and social networks with associated risks of malware and fraud.

"This incident is one of many attacks that highlight the need for the wider security industry to take another look at the methods that they employ to secure services and data."