The company claimed that the hacking attack was discovered after more than 7 months of research and was being carried out by an unnamed Russian cyber gang. Apparently, the gang now holds the largest cache of stolen information.
Many of the online comments about the breach center on the fact that the security outfit is offering a $120 per month breach notification service that lets people find out whether the hackers have their passwords on file. Commenters also highlight that Hold Security timed its announcement to coincide with the Black Hat Security conference, allegedly to spark a debate on password security.
As you can see, unanswered questions about the hack remain. The security company said that the hacking collective started out buying stolen credentials on the black market and then used those credentials to launch other attacks. Nevertheless, it remains unclear how many credentials were purchased and how many of the 1.2 billion the hackers culled on their own. Put simply, this huge database (if it even exists) could consist entirely of ancient data.
Industry experts also point out that it is unclear whether the allegedly stolen passwords came from important financial websites or less important ones. In addition, it is unknown what exactly the hackers are going to do with those details. The experts explain that if the obtained data includes fresh credentials for important online services such as online banking, it can be used to steal money from online accounts. If the credentials are older or come from little-used services, the hackers might use the data to send spam by email or post it in online forums.