light bulb

Did You Know?



Reply
Highlighted
Posts: 6,413
Topics: 4,272
Kudos: 8,161
Registered: ‎06-12-2013

Report: Shadowy Russian hacker group now has 1.2B usernames, passwords

Sites range from "Fortune 500 companies to very small websites."

by Cyrus Farivar - Aug 5 2014

 

Report: Shadowy Russian hacker group now has 1.2B usernames, passwords

 

A Wisconsin security firm claims that a Russian criminal group has accumulated the largest known collection of stolen online usernames and passwords via SQL injections, according to a new report in The New York Times on Tuesday.

Hold Security, which did not immediately respond to Ars’ request for comment, apparently has 1.2 billion usernames and passwords across 420,000 sites. It declined to tell The Times which companies were affected, nor name the group specifically.

 

Full Article

Sr. Community Leader

Posts: 6,413
Topics: 4,272
Kudos: 8,161
Registered: ‎06-12-2013

Russian crime ring amasses over a Billion credentials

A little bit more information is trickling out about this now.

 

by paganinip on August 6th, 2014

 

“The hacking ring is based in a small city in south central Russia, the region flanked by Kazakhstan and Mongolia. The group includes fewer than a dozen men in their 20s who know one another personally — not just virtually. Their computer servers are thought to be in Russia.” reports the New York post.

“There is a division of labor within the gang,”“Some are writing the programming, some are stealing the data. It’s like you would imagine a small company; everyone is trying to make a living.” 

“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,”“And most of these sites are still vulnerable.” said Alex Holden, confirming that many of the targeted websites are still vulnerable. Mr. Holden said. "

 

data breaches 2013 stolen credentials

 

 

Full Article

Sr. Community Leader

Posts: 3,848
Topics: 2,265
Kudos: 3,091
Blog Posts: 0
Registered: ‎06-02-2014

Re: Report: Shadowy Russian hacker group now has 1.2B usernames, passwords

This is where users need to practice good safety and change their password and user name on a regular basis.

Community Leader

Posts: 6,413
Topics: 4,272
Kudos: 8,161
Registered: ‎06-12-2013

1.2 billion logins scooped up by CyberVor hacking crew - what you need to do

by John Hawes on August 6, 2014

 

Website users

There is currently no way to tell if you have been affected by any of this. The owners of the affected sites are being informed and hopefully they will tell their users in turn.

Because the sites that were successfully attacked were compromised by easily-avoided vulnerabilities it's prudent to assume those sites didn't secure the data in their databases properly either. Even strong passwords are at risk if they aren't stored correctly.

That means a large, random selection of people have had their personal data compromised and the only reasonable security precaution is to assume you're one of them. We recommend that you:

  • Change your website passwords.
  • Use a unique password for each website.
  • Use two-factor authentication wherever you can.
  • Check bank and social media accounts for suspicious behaviour.

Website owners

This data haul may yet turn out to be a 'Heartbleed' moment for website owners who assume their sites are too small to be of interest to hackers.

The gang that amassed this giant data haul didn't discriminate between popular or unpopular, large or small. All that mattered was vulnerability.

Fortunately SQL injection attacks are easily defeated by simple coding practices.

If you run a website, we recommend that you:

Full Article

Sr. Community Leader

Posts: 902
Registered: ‎06-20-2014

Re: Report: Shadowy Russian hacker group now has 1.2B usernames, passwords

1.2 billion logins scooped up by CyberVor hacking crew - what you need to do

 

By John Hawes  August 6, 2014

 

Hackers have amassed a vast collection of stolen data, including 1.2 billion unique username/password pairs, by compromising over 420,000 websites using SQL injection techniques.

 

That's according to security monitoring and assessment firm Hold Security, whose past record includes work on uncovering last year's Adobe source code leak.

 

Researchers monitored the gang for over seven months, thought to be "fewer than a dozen men in their 20s who know one another personally" based in a small city in central Russia.

 

Full story

sig



Experience Shared is Knowledge Shared, Share Yours! I'm a volunteer – my reward is your SMILE!Smiley Very Happy


Helpful Webroot Links:


                         Submit Trouble Ticket • User Guides • BrightCloud URL lookup • Account Console 

Download (PC) • Download (Best Buy/Geek Squad Subscription) • Download (Walmart and Target) • Download (MSN Subscription) 


                                         Register and Introduce yourself to The Community!

Posts: 3,848
Topics: 2,265
Kudos: 3,091
Blog Posts: 0
Registered: ‎06-02-2014

Re: Report: Shadowy Russian hacker group now has 1.2B usernames, passwords

The following article is a update on 1.2B usernames, and passwords

 

(Five unanswered questions about massive Russian hacker database)

 

 

By Martyn Williams

 

August 6, 2014 08:26 PM ET
 
IDG News Service - There's still much that's unclear about Tuesday's revelation that a small group of hackers in Russia have amassed a database of 1.2 billion stolen user IDs and passwords. The company that disclosed the incident, Hold Security, didn't offer any fresh information Wednesday, but here are five questions we'd like to see answered (and a bonus one that we already know the answer to).
 

 

Community Leader

Posts: 6,413
Topics: 4,272
Kudos: 8,161
Registered: ‎06-12-2013

Re: Russian crime ring amasses over a Billion credentials

It looks like some security experts are beginning to seriously question the figures in this story now.

 

Don't panic: That Russian hack bombshell isn't what you think

 

News of 1.2 billion stolen Web credentials raises key questions about the data -- and the motives of the security researcher

 

By Caroline Craig August 07, 2014

 

   Don't panic: That Russian hack bombshell isn't what you think                                                                       

 

"InfoWorld's Roger Grimes concurred, saying, "I'm not only bothered that it's from one source, but that the password database review was only done by one company; 1.2 billion is a lot of credentials and seems very high to me."

 

Another red flag: The hackers aren't trying to sell the data or use it to steal actual money. "They're using it for Twitter spam, the dark Web equivalent of boiling the bones for stock," says The Verge's Brandom. "The fact that the crew is reduced to jacking Twitter accounts suggests the data is more about quantity than quality.... No one was going to pay $120 a year just to find out if their Twitter might get hacked.""

 

Full Article

 

Sr. Community Leader

Posts: 902
Registered: ‎06-20-2014

Re: Report: Shadowy Russian hacker group now has 1.2B usernames, passwords

So, it is still unknown which websites were hacked? Am I understanding what I read correctly? They know how many usernames, passwords but  not where they were obtained from?

 

If I am understanding correctly, very good chance that the number of usernames, passwrods will increase.

 

 

sig



Experience Shared is Knowledge Shared, Share Yours! I'm a volunteer – my reward is your SMILE!Smiley Very Happy


Helpful Webroot Links:


                         Submit Trouble Ticket • User Guides • BrightCloud URL lookup • Account Console 

Download (PC) • Download (Best Buy/Geek Squad Subscription) • Download (Walmart and Target) • Download (MSN Subscription) 


                                         Register and Introduce yourself to The Community!

Community Manager Community Manager
Community Manager
Posts: 4,969
Registered: ‎12-16-2013

Re: Report: Shadowy Russian hacker group now has 1.2B usernames, passwords

Bruce Schneier is also telling people not to panic over this one:

https://www.schneier.com/blog/archives/2014/08/over_a_billion_.html

Posts: 902
Registered: ‎06-20-2014

Re: Report: Shadowy Russian hacker group now has 1.2B usernames, passwords


nic wrote:

Bruce Schneier is also telling people not to panic over this one:

https://www.schneier.com/blog/archives/2014/08/over_a_billion_.html


Makes sense, puts many minds at ease, mine included! 

 

Thank you NIc!

sig



Experience Shared is Knowledge Shared, Share Yours! I'm a volunteer – my reward is your SMILE!Smiley Very Happy


Helpful Webroot Links:


                         Submit Trouble Ticket • User Guides • BrightCloud URL lookup • Account Console 

Download (PC) • Download (Best Buy/Geek Squad Subscription) • Download (Walmart and Target) • Download (MSN Subscription) 


                                         Register and Introduce yourself to The Community!