Over a Billion E-mail Passwords and Website Logins Stolen, the Biggest Haul Ever

Why can’t the $100 Bn security industry stop hackers? Despite technological revolutions, hackers are still invading industrial systems to retrieve confidential information, leading to a rise in the number of fraud cases and hacks in recent years. A recent case shows that a new benchmark has been set by hackers in Russia.

Hold Security, a security-research firm based in the U.S., has discovered that a Russian gang has stolen 1.2 billion username and password combinations and over 500 million e-mail IDs. The confidential data was stolen from 420,000 websites and is being cited as the biggest theft of internet credentials yet.

There have been several significant Internet hacks in the past few years:

  • Tens of millions of records were stolen from Adobe Systems.
  • About 200 million personal records were stolen from Court Ventures, including social-security numbers, credit-card data and bank-account information.
  • Hold Security uncovered a database of 360 million records for sale last February, collected from multiple companies.
  • A well-known case is that of Target stores, which involved the theft of 40 million credit-card numbers and 70 million addresses, phone numbers, etc.
  • P.F. Chang’s China Bistro Inc. also became the victim of a data breach a couple of months back, involving the theft of credit- and debit-card information.

This recent case takes it to a whole new level. The victims range from Fortune 500 companies to small websites. The criminals appear most likely to be using the stolen information for spamming. The Russian hackers captured the credentials on a massive scale using botnets, which are networks of zombie computers infected with a virus. The botnet is able to test whether websites are vulnerable to a popular hacking technique called SQL injection.

Companies that rely on usernames and passwords have to develop a sense of urgency about changing this, said Avivah Litan, a security analyst at the research firm Gartner. Until they do, criminals will just keep stockpiling people’s credentials.

According to a joint study conducted by IBM and the Ponemon Institute, the average cost to a company of a data breach has increased 15% this year. In monetary terms, the figure has reached $3.5 Mn, compared with $3.1 Mn last year. Keeping this in mind, Hold Security is trying to come up with a security tool that would enable people to securely check whether their information is in the database.

There is concern in the security community that it may be fighting a losing battle in protecting confidential information. Companies such as Hold Security have to step up their analysis of how such scalable attacks are made possible even with timely upgrades in security standards.
