This Hacker Stole 1.17 Billion Credentials. You Won’t Believe How Much He Sold it All For

bold_hackers_400.jpg

bold_hackers_400.jpg

In a bizarre reminder of why security best practices are so critical to the world of IT, it has been reported that one of the largest collections of hacked and stolen login details are currently making the rounds in the Russian black market.

According to Alex Holden, Hold Security’s founder and Chief Information Security Officer, the company was first alerted to the breach by the hacker himself, as he bragged in online chat forums that he had stolen over a billion credentials for email accounts from various providers.

These accounts were mostly for the Russian service Mail.ru, but accounts included in the theft have also been identified as belonging to Google, Yahoo, and Microsoft, as well as some Chinese and German email providers.

The story becomes odd when the hacker delivered his price for the staggeringly large data set:

50 rubles, or just about $0.75, for the entire stash.

Hold Security haggled, refusing to pay the strikingly small ransom. Instead, the hacker was convinced to release his holdings for “likes” on one of his social media outlets.

The data ultimately took the form of 1.17 billion records for the aforementioned mail servers, as well as username and password combinations for assorted U.S. banks, retailers, and manufacturers, presumably belonging to the employees of these institutions.

The account holders may not be off the hook, either. Holden stated that there was no guarantee that there wasn’t remnant data left over, especially after the hacker had shown himself willing to share with sympathetic people. As a result, further attacks could still be engineered from these accounts and each of their contact lists, increasing the risks of dangers considerably.

How You Can Stay Safe

  • Use separate, complex passwords: Many of the credentials examined since the breach proved to be repeats of others, as users repeated usernames and passwords across multiple websites. This is precisely the reason that best practices dictate users keep login credentials from repeating from account to account, as it only serves to make it easier for attackers to get in as well.
  • Change passwords frequently: As Holden mentioned, there is no guarantee that the information stolen wasn’t shared with other cybercriminals before Hold Security stepped in. This only emphasizes the importance of this next takeaway; that passwords should be changed with some frequency, avoiding any pattern or set schedule.

Not many hackers will be as amenable to the demands of security firms as this individual seemingly was. This is why it is so important to follow these best practices religiously; too often a data breach is out of the hands of the end-user.

For more assistance in maintaining your security and adhering to best practices, give us a call at (813) 749-0895. Our expertise can help you to avoid losing your information in the first place, allowing you to breathe easy in the knowledge that you have less to fear.

Interested in our Services?

You should be able to run your business without having to worry about managed it support or the security of your data.

Read more about our services and how we can help you.

Related Posts

What is a Zero-Day Exploit?

While security researchers do their best to find security vulnerabilities in software and systems before they are actively exploited by attackers, they can’t be successful

Read More »

Schedule Your Free Consultation

"*" indicates required fields

Services you are interested in?*
Yes, subscribe me to Newsletter
This field is for validation purposes and should be left unchanged.

Schedule Your
Free Consultation

Are you exposed to cybersecurity, or technology obsolescence risks? Are their ways to reduce your ongoing Managed IT Support costs or improve business operations?

Information Security by your Managed IT Services provider