Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Shadowy Russian hacker group hijacked 1.2 billion usernames, passwords


  • Please log in to reply
4 replies to this topic

#1 JohnC_21

JohnC_21

  • Members
  • 24,849 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:47 AM

Posted 05 August 2014 - 06:29 PM

A Wisconsin security firm claims that a Russian criminal group has accumulated the largest known collection of stolen online usernames and passwords via SQL injections, according to a new report in The New York Times on Tuesday.

Hold Security, which did not immediately respond to Ars’ request for comment, apparently has 1.2 billion usernames and passwords across 420,000 sites. It declined to tell The Times which companies were affected, nor name the group specifically.

In February 2014, Hold Security also discovered 360 million compromised login credentials for sale in underground crime forums. The haul, which included an additional 1.25 billion records containing only e-mail addresses, came from multiple breaches. In October 2013, the same firm discovered the circulation of 153 million user names and passwords stolen during a massive breach of Adobe's corporate network. A month later, the security firm uncovered 42 million plaintext passwords taken during a hack on niche dating service Cupid Media.

 

I wonder if this is for real.

 

Article



BC AdBot (Login to Remove)

 


#2 scotty_ncc1701

scotty_ncc1701

  • Members
  • 520 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:47 AM

Posted 05 August 2014 - 07:05 PM

http://www.nytimes.com/2014/08/06/technology/russian-gang-said-to-amass-more-than-a-billion-stolen-internet-credentials.html?_r=0

http://www.nytimes.com/interactive/2014/08/05/technology/what-you-need-to-know-with-russian-hack.html

 

:luke:
 


Edited by scotty_ncc1701, 05 August 2014 - 07:07 PM.


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:47 AM

Posted 05 August 2014 - 08:53 PM

Related news links...topics merged.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:47 AM

Posted 06 August 2014 - 08:23 AM

 

A Wisconsin security firm claims that a Russian criminal group has accumulated the largest known collection of stolen online usernames and passwords via SQL injections, according to a new report in The New York Times on Tuesday.

Hold Security, which did not immediately respond to Ars’ request for comment, apparently has 1.2 billion usernames and passwords across 420,000 sites. It declined to tell The Times which companies were affected, nor name the group specifically.

In February 2014, Hold Security also discovered 360 million compromised login credentials for sale in underground crime forums. The haul, which included an additional 1.25 billion records containing only e-mail addresses, came from multiple breaches. In October 2013, the same firm discovered the circulation of 153 million user names and passwords stolen during a massive breach of Adobe's corporate network. A month later, the security firm uncovered 42 million plaintext passwords taken during a hack on niche dating service Cupid Media.

 

I wonder if this is for real.

 

Article

 

 

For such news items, I turn to Brian Krebs to know if it is real: http://krebsonsecurity.com/

He hasn't posted or tweeted yet about this.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#5 JohnC_21

JohnC_21
  • Topic Starter

  • Members
  • 24,849 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:47 AM

Posted 06 August 2014 - 12:33 PM

According to Krebs, he believes it is real.

 

 

Q: Is this for real?

A: Alex isn’t keen on disclosing his methods, but I have seen his research and data firsthand and can say it’s definitely for real. Without spilling his secrets or methods, it is clear that he has a first-hand view on the day-to-day activities of some very active organized cybercrime networks and actors

 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users