Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Customer Data / Russian Gang Amass 1.2B Passwords
Russian Hackers Steal More Than 1B Web Passwords
Russian Hackers Steal More Than 1B Web Passwords
By Jennifer LeClaire / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
You may have been hacked. A Russian cyber gang has obtained what security researchers are calling “the largest cache of stolen data.” Hold Security is offering details on the theft of 4.5 billion records, including 1.2 billion usernames and passwords that correlate to over half a billion e-mail addresses.

Dubbed 'CyberVor' by Hold Security, the group apparently hacked more than 420,000 Web sites to get "such an impressive number of credentials." Hold Security has become well-known over the past few years for its involvement identifying massive data breaches, including the 2013 Adobe Systems breach and the February 2014 breach of Target stores' database.

“The CyberVors did not differentiate between small or large sites,” the firm explained in a blog post. “They didn’t just target large companies; instead, they targeted every site that their victims visited. With hundreds of thousands sites affected, the list includes many leaders in virtually all industries across the world, as well as a multitude of small or even personal Web sites."

Focusing on Data Control

We asked Gerry Grealish, CMO of cloud security software firm Perspecsys, what impact he thinks this hack will have. He told us one of the main concerns regarding a breach of this magnitude is the fact that criminals will be able to use exposed credentials to access sensitive data and intellectual property in public cloud environments.

“Clouds are logical points of data aggregation, data assets from a large number of employees can be stored there and many companies share the use of these public clouds,” Grealish said. “This situation serves as a reminder to organizations that they must place greater emphasis on data control -- the responsibility lies with CIOs and CISOs.”

Grealish asked some pointed questions: How can CIOs lock down access to their data? Where is their data located? There are endless questions about data security and control, he said, which only become more perplexing when data is in a cloud environment.

“At the core of data control is ensuring sensitive and regulated data is encrypted. If organizations can do this correctly, they will be the sole owner of encryption keys, so if someone without proper access to their data attempts to access it, the information will be rendered meaningless,” he said. “Alternatively, organizations can use a technique like tokenization, which ensures that all sensitive data remains locked in a secure database inside a firewall.”

Back to Basics

We also caught up with Joshua Roback, Security Architect with cloud security firm SilverSky, to get his thoughts on the hack. He told us the value of a password has increased exponentially as Internet users continuously reuse the same passwords across multiple Web services.

“While smaller, niche Web services may be easier to break into than the likes of Google or large banking sites, the stolen passwords are often just as valuable,” Roback said. “It’s extremely important to diversify your investments when it comes to password management. Like investing, the importance of minimizing risk can’t be overlooked.”

Roback said using a password management system like LastPass or 1Password is a good option, but he doesn’t like the idea of storing his password in a central location. Instead, he relies on his own system including a common string with all the standard password requirements -- upper case, numbers, special characters, etc. -- along with some letters from the Web service name sprinkled in.

“Russian cyber gangs are known for breaking in to steal whatever they can as quickly as possible,” Roback said. “We should expect to see these accounts for sale on underground forums before the week is through.”

Tell Us What You Think


the trust is gone...:
Posted: 2014-08-06 @ 2:59pm PT
Give it up. Go back to paper.

Ulf Mattsson, CTO:
Posted: 2014-08-06 @ 1:06pm PT
I agree that “Russian cyber gangs are known for breaking in to steal whatever they can as quickly as possible” so I think that we urgently need to secure the sensitive data itself with modern data security approaches.

Modern granular data protection, like data tokenization, should not only be used for compliance with regulations like PCI DSS. Recent studies reported that data tokenization can cut security incidents by 50 %.

After that is done, we can start the long road of patching all access paths to the sensitive data across all the systems that are hosting sensitive data and maybe changing how we login to systems. That will be more like boiling the ocean.

I think that we urgently need to secure the sensitive data itself.

Ulf Mattsson, CTO Protegrity

Like Us on FacebookFollow Us on Twitter

Over the past decade, hospitals have been busy upgrading their systems from paper to electronic health records. Unfortunately, spending so much on EHR may have left insufficient funds for security.
The British government officially blamed Russia for waging the so-called NotPetya cyberattack that infected computers across Ukraine before spreading to systems in the U.S. and beyond.
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.