A cybersecurity firm said on Tuesday that it uncovered stolen
credentials from some 360 million accounts that are available for sale
on cyber black markets, though it is unsure where they came from or what
they can be used to access.
The discovery could represent more of a risk to consumers and
companies than stolen credit card data because of the chance the sets of
user names and passwords could open the door to online bank accounts,
corporate networks, health records and virtually any other type of
computer system.
Alex Holden, chief information security officer of Hold Security LLC,
said in an interview that his firm obtained the data over the past
three weeks, meaning an unprecedented amount of stolen credentials is
available for sale underground.
"The sheer volume is overwhelming," said Holden, whose firm last year
helped uncover a major data breach at Adobe Systems Inc in which tens
of millions of records were stolen.
Holden said he believes the 360 million records were obtained in
separate attacks, including one that yielded some 105 million records,
which would make it the largest single credential breach known to
date.
He said he believes the credentials were stolen in breaches that have
yet to be publicly reported. The companies attacked may remain unaware
until they are notified by third parties who find evidence of the
hacking, he said.
"We have staff working around the clock to identify the victims," he said.
He has not provided any information about the attacks to other
cybersecurity firms or authorities but intends to alert the companies
involved if his staff can identify them.
The massive trove of credentials includes user names, which are
typically email addresses, and passwords that in most cases are in
unencrypted text. Holden said that in contrast, the Adobe breach, which
he uncovered in October 2013, yielded tens of millions of records that
had encrypted passwords, which made it more difficult for hackers to use
them.
The email addresses are from major providers such as AOL Inc, Google
Inc, Microsoft Corp and Yahoo Inc and almost all Fortune 500 companies
and nonprofit organizations. Holden said he alerted one major email
provider that is a client, but he declined to identify the company,
citing a nondisclosure agreement.
About Me

- Judy Chaffee
- This site is the inspiration of a former reporter/photographer for one of New England's largest daily newspapers and for various magazines. The intent is to direct readers to interesting political articles, and we urge you to visit the source sites. Any comments may be noted on site or directed to KarisChaf at gmail.
Wednesday, February 26, 2014