Largest single personal data hack ever? 360mn stolen account credentials found online

Published time: March 01, 2014 01:31
Edited time: March 04, 2014 05:37
Reuters / Kacper Pempel

A cyber security firm has reported a “mind boggling” cache of stolen credentials which has been put up for sale on online black markets. A total of 360 million accounts were affected in a series of hacks, one of which seems to be the biggest in history.

Alex Holden, chief information security officer of Hold Security LLC, said that the firm had uncovered the data over the past three weeks.

He said that 360 million personal account records were obtained in separate attacks, but one single attack seems to have obtained some 105 million records which could make it the biggest single data breach to date, Reuters reports. “The sheer volume is overwhelming,” said Holden in a statement on Tuesday.

“These mind boggling figures are not meant to scare you and they are a product of multiple breaches which we are independently investigating. This is a call to action,” he added.

Hold Security said that as well as 360 million credentials, hackers were also selling 1.25 billion email addresses, which may be of interest to spammers.

The huge treasure trove of personal details includes user names, which are most often email addresses, and passwords, which in most cases are unencrypted.

Hold Security uncovered a similar breach in October last year, but the tens of millions of records had encrypted passwords, which made them much more difficult for hackers to use.

“In October 2013, Hold Security identified the biggest ever public disclosure of 153 million stolen credentials from Adobe Systems Inc. One month later we identified another large breach of 42 million credentials from Cupid Media,” Hold Security said in a statement.

AFP Photo / Justin Sullivan

Holden said he believes that in many cases the latest theft has yet to be publicly reported and that the companies that have been attacked are unaware of it. He added that he will notify the companies concerned as soon as his staff has identified them.

“We have staff working around the clock to identify the victims,” he said.

However, he did say that the email addresses in question are from major providers such as AOL Inc, Google Inc, Yahoo Inc, and Microsoft Corp, as well as “almost all” Fortune 500 companies and nonprofit organizations.

Heather Bearfield, who runs cybersecurity for accounting firm Marcum LLP, told Reuters that while she had no information about Hold Security’s findings, she believed they were quite plausible, as hackers can do more with stolen credentials than they can with stolen credit cards because people often use the same login and password for many different accounts.

“They can get access to your actual bank account. That is huge. That is not necessarily recoverable funds,” she said.

The latest revelation by Hold Security comes just months after the US retailer Target announced that 110 million of its customers had their data stolen by hackers. Target and the credit and debit card companies concerned said that consumers do not bear much risk, as fraud losses are rapidly refunded.

Comments (16)

 

Salvatore Salvatore 14.03.2014 14:43

Well, this is nothing, but the ignorance of the people themselves, why would anyone want to use product and services that keep the monopoly system, instead we should all use open source so viruses as such cannot affect us, or perhaps less chance of infection, plus we will get rid of Microsoft and his crappy Software system. Freedom comes in many shapes, internet and software is big part of it, Be part of the movement, part of the solution.
Live Long and Prosper....

 

John Carpenter 14.03.2014 14:30

Ed Snowden pointed out this at SXSW:
"Now ... Michael Hayden and Keith Alexander, two directors of the National Security Agency in the post 9/11 era who made a very specific change. And that is, they elevated offensive operations, that is, attacking, over the defense of our communications. They began eroding the protections of our communications, in order to get an attack advantage. Now, this is a problem for one primary reason – and that's America has more to lose than anyone else when every attack succeeds."

They have damaged encryption, the better to spy on us — this is what we're left with.

 

William A Finch 02.03.2014 18:29

And the moral to the story is... DON'T bank online.
