• All Community
    • All Community
    • Forums
    • Blogs
Advanced

Blog List
Kudos2 Stats

Russian Hackers Collect 1.2 Billion Passwords In A Mega Breach

By: Solange_Desc27 Employee   Posted: 05-Aug-2014 | 5:58PM •  Edited: 05-Mar-2020 | 10:04AM • 3 Comments

The New York Times has reported the largest known collection of stolen Internet credentials by a Russian crime ring. These hackers reportedly amassed 1.2 billion username and password combinations, and more than 500 million email addresses from 420,000 websites through botnets (computers that have been infected with and controlled by a computer virus). The sites ranged from small sites to larger household names. Many of the targeted sites are still vulnerable.

2014: The Year Of The Mega, MEGA Breach?

In Symantec’s 2014 Internet Security Threat Report, researchers declared 2013 as “The Year of The Mega Breach”, and recent breaches this year indicate that the situation isn’t getting better. These numbers are surprising, not only because the collection was the largest yet discovered, but also because of the scope of the impact on Internet users.  Roughly 39% (2.76B) of the world’s population of 7.1 billion uses the Internet. The volume of online credentials collected (1.2B passwords) potentially accounts for over one-third of the world’s Internet users. That’s a lot of data.

Given the magnitude of this latest discovery, it is clear that the need for companies to do more to protect your data has become more urgent than ever.

One of the weakest links in protecting your data is the user name and password that you use to identify yourself to websites. Often simply called credentials, in the wrong hands they can be used in fraudulent activity and identity theft, or sold for quick cash on the underground market. You can help keep your credentials safe and by doing so, minimize the risk that your sensitive information will be compromised.

So, what can you do to keep your online credentials safe?

  • Change passwords on important sites: It’s a good idea to immediately change passwords for sites that hold a lot of personal information, financial details, and other private data. Cyber criminals who have your credentials could try to use them to access more information on these accounts. This is particularly true if you have used the same password on multiple sites. Attackers will often try to use stolen credentials on multiple sites. 
  • Pay special attention to your email credentials. A lot of users fail to recognize that their email account can be a front door to their entire digital life. Think about how many times you may have reset your password on some other site by have a ‘recovery’ link sent to your email account. This is why you should carefully guard access to your email account.
  • Don’t re-use passwords: One of the main ways that hackers use credentials is to try to gain access to your other accounts. If you vary your passwords across multiple logins, they won’t be able to access other sites with the same information. 
  • Create stronger passwords: Make sure that your password is a minimum of eight characters long, and that it doesn’t contain your real name, username, or any other personally identifying information. It should also contain a combination of uppercase and lowercase letters, numbers, and special characters. Have trouble thinking of a good one? Try our free Password Generator. 
  • Use a password manager to store passwords: Norton Identity Safe is free and conveniently remembers your passwords so that you don’t have to. You can get it by clicking here.
  • Enable Two-Factor Authentication: Many websites now offer two-factor (or two step) authentication, which adds an extra layer of security to your account by requiring you to enter your password, plus a code that you will receive on your mobile device (via text message or a token generator) to login to the site. Of course, this adds complexity to the login process, but it significantly improves the security of your account. If nothing else, use this for your most important accounts.

As a final suggestion, keep an eye on your online accounts. If you see something suspicious, report it to the website. If you discover a fraudulent charge on one of your financial accounts, in most cases, the charge can be reversed, and your account can be frozen to prevent any further fraudulent activity. For more tips, see our recent post on how to monitor your credit card accounts.

 

Being vigilant can help stop fraud on your account and keep information and identity protected.

Labels: 1.2 billion passwords, botnet, change password, data breach, ISTR, mega breach, Russian crime ring

Comments

Kudos1 Stats
Posted: 05-Aug-2014 | 5:58PM • Edited: 05-Aug-2014 | 5:58PM •

The New York Times has reported the largest known collection of stolen Internet credentials by a Russian crime ring. These hackers reportedly amassed 1.2 billion username and password combinations, and more than 500 million email addresses from 420,000 websites through botnets (computers that have been infected with and controlled by a computer virus). The sites ranged from small sites to larger household names. Many of the targeted sites are still vulnerable.

2014: The Year Of The Mega, MEGA Breach?

In Symantec’s 2014 Internet Security Threat Report, researchers declared 2013 as “The Year of The Mega Breach”, and recent breaches this year indicate that the situation isn’t getting better. These numbers are surprising, not only because the collection was the largest yet discovered, but also because of the scope of the impact on Internet users.  Roughly 39% (2.76B) of the world’s population of 7.1 billion uses the Internet. The volume of online credentials collected (1.2B passwords) potentially accounts for over one-third of the world’s Internet users. That’s a lot of data.

Given the magnitude of this latest discovery, it is clear that the need for companies to do more to protect your data has become more urgent than ever.

One of the weakest links in protecting your data is the user name and password that you use to identify yourself to websites. Often simply called credentials, in the wrong hands they can be used in fraudulent activity and identity theft, or sold for quick cash on the underground market. You can help keep your credentials safe and by doing so, minimize the risk that your sensitive information will be compromised.

So, what can you do to keep your online credentials safe?

  • Change passwords on important sites: It’s a good idea to immediately change passwords for sites that hold a lot of personal information, financial details, and other private data. Cyber criminals who have your credentials could try to use them to access more information on these accounts. This is particularly true if you have used the same password on multiple sites. Attackers will often try to use stolen credentials on multiple sites. 
  • Pay special attention to your email credentials. A lot of users fail to recognize that their email account can be a front door to their entire digital life. Think about how many times you may have reset your password on some other site by have a ‘recovery’ link sent to your email account. This is why you should carefully guard access to your email account.
  • Don’t re-use passwords: One of the main ways that hackers use credentials is to try to gain access to your other accounts. If you vary your passwords across multiple logins, they won’t be able to access other sites with the same information. 
  • Create stronger passwords: Make sure that your password is a minimum of eight characters long, and that it doesn’t contain your real name, username, or any other personally identifying information. It should also contain a combination of uppercase and lowercase letters, numbers, and special characters. Have trouble thinking of a good one? Try our free Password Generator. 
  • Use a password manager to store passwords: Norton Identity Safe is free and conveniently remembers your passwords so that you don’t have to. You can get it by clicking here.
  • Enable Two-Factor Authentication: Many websites now offer two-factor (or two step) authentication, which adds an extra layer of security to your account by requiring you to enter your password, plus a code that you will receive on your mobile device (via text message or a token generator) to login to the site. Of course, this adds complexity to the login process, but it significantly improves the security of your account. If nothing else, use this for your most important accounts.

As a final suggestion, keep an eye on your online accounts. If you see something suspicious, report it to the website. If you discover a fraudulent charge on one of your financial accounts, in most cases, the charge can be reversed, and your account can be frozen to prevent any further fraudulent activity. For more tips, see our recent post on how to monitor your credit card accounts.

 

Being vigilant can help stop fraud on your account and keep information and identity protected.

Kudos1 Stats
Posted: 07-Aug-2014 | 3:17AM

If you wanna stay protected always my policy is to be sharp and alert as much as I can.

So, what can you do to keep your online credentials safe?

  • Change passwords on important sites
  • Pay special attention to your email credentials.
  • Don’t re-use passwords
  • Create stronger passwords
  • Use a password manager to store passwords
  • Enable Two-Factor Authentication

Along with these I would like to add these:

  • Use seperate email ids for different purposes.

      Now a days, its easy to setup an email id, whether paid or free. Everyone must keep their email accounts specific to needs, like say

yourmail.social@provider.com

yourmail.personal@provider.com

yourmail.official@company.com

fakename@provider.com

This would keep you away from leaking private info to prying eyes.

  • Refrain from accessing your personel data in unsecure locations

     Always be sure your connections are secure and trustworthy. If it is unavoidable to use public internet facility to access your personal stuffs, try to use VPN or other mechanisms.

  • Share only bare minimum details

     Basically, dont try to put your full name and address if you are asked for just name.

  • Keep your personal devices patched, secure and up to date.....
regards, CV | There is no ONE TOUCH KEY to security . Be alert and vigilant. . | Always have a Backup Plan!
Kudos1 Stats
Posted: 07-Sep-2014 | 4:11AM

"The volume of online credentials collected (1.2B passwords) potentially accounts for over one-third of the world’s Internet users."

That assumes that each infected machine yields just one username/password combination. I do not know how many passwords most people have, but if we assume that the average number is between 10 and 50, a more accurate estimate would be that between 1% and 4% of all Internet users have been hit.

This is still, of course, a horrifyingly high figure.