Security outfits have discovered a huge attack on US systems in which 1.2 billion user name and password combinations, plus over 500 million email addresses, were supposedly stolen. The intrusion was discovered by a company called Hold Security and was alleged to include confidential content collected from 420,000 websites, including household names and small sites. The security outfit has a record of uncovering huge hacks: for instance, it was the one to discover the 2013 theft of tens of millions of records from Adobe Systems. This means that Hold Security could have been seen as a reliable source.
The company claimed that the hacking attack was discovered after over 7 months of research and was being carried out by an unnamed Russian cyber gang. Apparently, the latter now owns the largest cache of stolen information.
Many of the online comments about the breach center on the fact that the security outfit is offering a $120 per month breach notification service that lets people find out whether the hackers stole their passwords on file. Another fact highlighted in comments is that Hold Security timed its announcement to coincide with the Black Hat Security conference, with the alleged intention of sparking a debate on password security.
As you can see, unanswered questions about the hack remain. The security company said that the hacking collective started out buying stolen credentials on the black market and then used those credentials to launch other attacks. Nevertheless, it remains unclear how many credentials were purchased and how many of the 1.2 billion they culled on their own. In simple words, this huge database (if it even exists) could consist entirely of ancient data.
The industry experts also point out that it is unclear whether the alleged stolen passwords came from important financial websites or less important ones. In addition, it is unknown what exactly the hackers are going to do with those details. The experts explain that if the obtained data include fresh credentials for important online services like online banking, they can be used to steal money from online accounts. If they are older or from little-used services, the hackers might use the data to send spam by email or post it in online forums.