A Billion Passwords Stolen; Change Yours!
- General Mackevili
- The General
- Posts: 18419
- Joined: Tue May 06, 2014 5:24 pm
- Reputation: 3416
- Location: The Kingdom
- Contact:
A Billion Passwords Stolen; Change Yours!
Don't worry, CEO fought off the Russians.....
Security researchers say a Russian crime ring has pulled off the largest known theft of confidential Internet information, including 1.2 billion username and password combinations and more than 500 million email addresses.
The cyber gang injected malicious code to steal databases from at least 420,000 websites, says Alex Holden, founder and chief information security officer for Hold Security in Milwaukee, Wisc.
"It is absolutely the largest breach we've ever encountered," Holden said late Tuesday.
Most unsettling, he said, was finding his own credentials among the compromised data.
Hold Security cyber sleuths have been monitoring the cyber gang for about seven months, but only recently realized the magnitude of the gang's operation, Holden said.
"We thought at first they were run-of-the-mill spammers," he said. "But they got very good at stealing these databases."
Holden won't identify the gang, but he says his investigators know their names and locations. "The perpetrators are in Russia so not much can be done. These people are outside the law," he said.
Hold Security said it is trying to contact the victims, but most of the websites remain vulnerable. Holden would not identify the victims, but said they included the auto industry, real estate, oil companies, consulting firms, car rental businesses, hotels, computer hardware and software firms and the food industry. The gang targeted SQL databases, Holden said.
The New York Times first reported the breach Tuesday.
Word comes as hundreds of the world's computer security professionals gather here for Black Hat, a major computer-security conference.
While the breach appears to be large, it's still hard to say if it's the biggest that's ever been discovered, said Marc Maiffret, the chief technical officer at BeyondTrust, a Phoenix-based computer security company.
"There's always lots of changes when the dust settles, it takes months to know" how important a breach was, he said.
If a cache of passwords this big has been found, others likely exist. "I would absolutely assume there are others," said Maiffret.
The cache of credentials was created by taking advantage of the two most common types of hacking — attacking web sites to gain access to underlying databases of customer information, as well as going after individuals and "everyday email," said Maiffret. "It's really a perfect storm" of an attack, he said.
The size of the operation shouldn't come as a surprise to anyone, Maiffret said. "In the past, when people thought of hacking, they thought of a lone teen-aged hacker sitting in the basement," he said. "But people need to realize that most hacking today is related to organized crime."
Even large companies need to acknowledge that modern-day hackers are likely "much better funded than they are," said security expert Sharon Vardi, who is the chief marketing officer of Securonix. "They are backed by millions of dollars to get the job done," he said.
Describing the breach as "easily five times the size of the Target breach," Vardi said that most organizations are not set up to defend these types of attacks. "They are not monitoring anomalies in their networks to detect these breaches quickly," he said.
Security expert Phil Lieberman, CEO of Lieberman Software, thinks the theft may be more of a warning or a veiled threat from the Russians. "I think this is a political statement rather than a security threat," he said. "I think there is a message being sent and the message is: Watch out."
The Russian government could have prevented the breach, he says. "But then the question is......
...click link to continue reading...
http://www.usatoday.com/story/tech/pers ... /13639285/
By Donna Leinwand Leger, Elizabeth Weise and Jessica Guynn, USA TODAY
"Life is too important to take seriously."
"Life does not cease to be funny when people die any more than it ceases to be serious when people laugh."
Re: A Billion Passwords Stolen; Change Yours!
It would be nice to know which sites are affected.
I can't be arsed changing all my passwords and I don't use duplicates.
-
- Site Admin
- Posts: 4193
- Joined: Fri May 02, 2014 8:05 pm
- Reputation: 17
Re: A Billion Passwords Stolen; Change Yours!
We're clear. I'd almost be tempted to invite them to try had I not just changed servers... lol. Once I get intimate with this one and feel better about it... then maybe.
- General Mackevili
- The General
- Posts: 18419
- Joined: Tue May 06, 2014 5:24 pm
- Reputation: 3416
- Location: The Kingdom
- Contact:
Re: A Billion Passwords Stolen; Change Yours!
Digg3r wrote: It would be nice to know which sites are affected.
It seems nobody is listing them yet, which is stupid, but I suspect we will have a pretty good list in a few days, once the individual sites start sending out notices to their members...
"Life is too important to take seriously."
"Life does not cease to be funny when people die any more than it ceases to be serious when people laugh."
Re: A Billion Passwords Stolen; Change Yours!
404 Not Known
Last edited by taranis on Tue Oct 21, 2014 2:52 am, edited 1 time in total.
God Forgives. I don't!
Re: A Billion Passwords Stolen; Change Yours!
My password and account here are secure. BTW...
My uncle, the 3rd Prince of Togo, just died of Ebola and left US$150,000,000 in a joint bank account which I am unable to access for tax reasons. E-mail me about a possible partnership in retrieving these funds. 10% commission for assistance.
In the meantime, I am overseas and have had my passport, credit cards and all my money stolen. I'm trapped here and need $5000 to get back to Cambodia. If somebody could Western Union $5000 to me care of my good friend Oghenikobo it will be rewarded when I return.
Did I mention I can offer Viagra and Cialis available at bargain basement prices? Shipped direct from Sergei's Drug Emporium in Dhaka.
LTO Cambodia Blog
"Kafka is 'outdone' in our country, the new fatherland of Angkor" - Norodom Sihanouk
Re: A Billion Passwords Stolen; Change Yours!
404 Not Known
Last edited by taranis on Tue Oct 21, 2014 2:51 am, edited 1 time in total.
God Forgives. I don't!
- StroppyChops
- The Missionary Man
- Posts: 10598
- Joined: Tue May 06, 2014 11:24 am
- Reputation: 1032
Re: A Billion Passwords Stolen; Change Yours!
LTO wrote: My uncle, the 3rd Prince of Togo, just died of Ebola and left US$150,000,000 in a joint bank account which I am unable to access for tax reasons. E-mail me about a possible partnership in retrieving these funds. 10% commission for assistance.
taranis wrote: Sounds okay to me, good commission.
As long as you're not paying the admin costs. Check that with him up front, he might be trying to rip you off otherwise.
Bodge: This ain't Kansas, and the neighbours ate Toto!
- General Mackevili
- The General
- Posts: 18419
- Joined: Tue May 06, 2014 5:24 pm
- Reputation: 3416
- Location: The Kingdom
- Contact:
Re: A Billion Passwords Stolen; Change Yours!
LTO wrote: In the meantime, I am overseas and have had my passport, credit cards and all my money stolen. I'm trapped here and need $5000 to get back to Cambodia. If somebody could Western Union $5000 to me care of my good friend Oghenikobo it will be rewarded when I return.
The first time I got that one I was dumbfounded.
My friend actually happened to be traveling at the time.
"Life is too important to take seriously."
"Life does not cease to be funny when people die any more than it ceases to be serious when people laugh."