Skip to Content

Russian Hackers Collect Over A Billion Passwords

Milwaukee-based Hold Security announced earlier this month that a Russian crime ring has stolen the largest amount of internet credentials in history. They reported that over a billion usernames and password combinations along with 500 million email addresses were taken.

The Details of the Information Theft

The gang of cyber criminals gathered up stolen credentials for several years and began buying personal information on the black market in 2011. But beginning in April 2013, they advanced their capabilities.  Alex Holden, the founder and chief information security officer at Hold Security, said that he believes that the group teamed up with another criminal group, which he has not yet identified, in order to learn more about various hacking techniques.

Since then, the group has begun using botnets — networks of computers that have been infected   by a virus — for stealing information on a massive scale. By July, they were able to steal 4.5 billion records, each with a user-name and password. Although many of these records overlapped, Holden estimated that around 1.2 billion of them were unique.

According to the security firm, the hackers captured information from over 420,000 websites. The victims were from countries around the world, and ranged in size from small businesses to large corporations.

How to Protect Your Information

While it remains unclear what companies were struck by the latest theft, there can be no doubt that both corporations and consumers should be cautious. Primarily, those concerned about the safety of their records should change their passwords, making sure not to duplicate passwords for multiple sites.

Another crucial measure involves using a password manager tool. These applications create unique passwords for each site that a person visits, and then stores them in a database secured by a master password. This decreases the likelihood of a person using the same password twice or choosing one that is too easy to hack.

While managing passwords it is a good first step it is just part of the solution. Other security features such as secondary or two-factor authentication should also be used when the opportunity presents itself. Websites that use this method will send users a message with a one-time code necessary to enter before accessing the system.

While consumers should be on guard to protect themselves, information security companies are still the best option for stopping hackers. Contact XPERTECHS to review the best security options for your organization.