Passwords stolen by Russian hackers number over one billion, making this latest cybercrime one of the largest data hauls to date. Over 400,000 Internet sites were targeted, and the massive assemblage of user names and passwords has put millions at risk. Are you one of them? That remains unknown, since the contractor performing the assessments will not disclose the list of affected websites.
Reports The Associated Press on Aug. 5: "The thievery was described in a New York Times story based on the findings of Hold Security, a Milwaukee firm that has a history of uncovering online security breaches. The identities of the websites that were broken into weren't identified by the Times, which cited nondisclosure agreements that required Hold Security to keep some information confidential."
With 1.2 billion user names and passwords compromised, chances are online sites that we use regularly are among those hacked. Officials at Hold Security said that email addresses were also obtained, and that the hackers likely will look to cash in by selling their collection to companies that will spam you for weight loss products, erectile dysfunction pills and the normal collection of useless claptrap.
Writes the AP:
Alex Holden, the founder and chief information security officer of Hold Security, told the Times that most of the sites hit by the Russian hackers are still vulnerable to further break-ins. Besides filching 1.2 billion online passwords, the hackers also have amassed 500 million email addresses that could help them engineer other crimes, according to Hold Security.
Holden did categorize the sites targeted by the hackers, stating that a number of “household name” websites were compromised, but also adding that the computer criminals “didn't breach any major email providers.”
“Hackers did not just target US companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” he said. “And most of these sites are still vulnerable.”
CNN Money reported that Holden said the offenders look to benefit “by hacking into email and social accounts, posing as trusted friends and family and advertising bogus products. That means that if you see strange messages being sent from your email or social media accounts, you might be among those affected.”
The user name and password filching has been going on for many months, possibly years, undetected. Holden says that’s because the thieves are not targeting banking or credit card information.
“It's really not that impactful to the individuals, and that's why they were under the radar for so long,” Holden said. “They've ignored financial information almost completely.”
The NY Times, which first reported on the story, linked to a related piece on steps to take to protect yourself from computer hackers: