“A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses, security researchers say,” Nicole Perlroth and David Gelles report for The New York Times.
“The records, discovered by Hold Security, a firm in Milwaukee, include confidential material gathered from 420,000 websites, including household names, and small Internet sites,” Perlroth and Gelles report. “Hold Security has a history of uncovering significant hacks, including the theft last year of tens of millions of records from Adobe Systems.”
“Hold Security would not name the victims, citing nondisclosure agreements and a reluctance to name companies whose sites remained vulnerable,” Perlroth and Gelles report. “Another computer crime expert who had reviewed the data, but was not allowed to discuss it publicly, said some big companies were aware that their records were among the stolen information.”
“So far, the criminals have not sold many of the records online. Instead, they appear to be using the stolen information to send spam on social networks like Twitter at the behest of other groups, collecting fees for their work. But selling more of the records on the black market would be lucrative,” Perlroth and Gelles report. “While a credit card can be easily canceled, personal credentials like an email address, Social Security number or password can be used for identity theft. Because people tend to use the same passwords for different sites, criminals test stolen credentials on websites where valuable information can be gleaned, like those of banks and brokerage firms.”
MacDailyNews Take: The problem was, and still is, that some people use one password for everything they do online, so when one thing gets compromised, everything is then accessible to criminals.