# Russian gang said to have collected over a BILLION stolen passwords.



## MannDude (Aug 6, 2014)

> A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses, security researchers say.
> 
> The records, discovered by Hold Security, a firm in Milwaukee, include confidential material gathered from 420,000 websites, including household names, and small Internet sites. Hold Security has a history of uncovering significant hacks, including the theft last year of tens of millions of records from Adobe Systems.
> 
> Hold Security would not name the victims, citing nondisclosure agreements and a reluctance to name companies whose sites remained vulnerable. At the request of The New York Times, a security expert not affiliated with Hold Security analyzed the database of stolen credentials and confirmed it was authentic. Another computer crime expert who had reviewed the data, but was not allowed to discuss it publicly, said some big companies were aware that their records were among the stolen information.



Read more at the source: http://www.nytimes.com/2014/08/06/technology/russian-gang-said-to-amass-more-than-a-billion-stolen-internet-credentials.html


----------



## Kayaba Akihiko (Aug 6, 2014)

Fuck is that scary...


----------



## drmike (Aug 6, 2014)

Welcome to the internet, we own your bases.


----------



## DomainBop (Aug 6, 2014)

> the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses


That's not true. The NSA has the largest known collection of illegally obtained Internet credentials...


----------



## sv01 (Aug 6, 2014)

https://krebsonsecurity.com/2014/08/qa-on-the-reported-theft-of-1-2b-email-accounts/


----------



## SPINIKR-RO (Aug 7, 2014)

Media seems to be running with this headline but it doesn't really sound like much of a story to me.


----------



## DomainBop (Aug 7, 2014)

> Hold Security is already capitalizing on the panic, charging a $120-per-year subscription to anyone who wants to check if their name and password are on the list. Hold says it's just trying to recoup expenses, but there's something unseemly about stoking fears of cybercrime and then asking concerned citizens to pay up...


http://www.theverge.com/2014/8/6/5973729/the-problem-with-the-new-york-times-biggest-hack-ever


----------



## SPINIKR-RO (Aug 7, 2014)

LastPass is free as long as you pay the $12/yr for premium. They have a tool that runs any of your stored emails through leaks. They are also warning people if passwords were last updated prior to Heartbleed etc.


----------



## HalfEatenPie (Aug 7, 2014)

SPINIKR-RO said:


> LastPass is free as long as you pay the $12/yr for premium.


This sentence just made me lol


----------



## SPINIKR-RO (Aug 7, 2014)

lol well I meant their credential leak feature. But yeah.


----------



## raindog308 (Aug 7, 2014)

I assumed that "1.2 billion passwords amassed" means "we concatenated a bunch of previous leak files together".


----------



## TekStorm - Walter (Sep 4, 2014)

Yeah, that is scary. That's why I try to change my password on everything on a regular basis and keep a close eye on everything that is important. I work too long and too hard to let someone walk away with it.


----------



## fixidixi (Sep 6, 2014)

yeah but they haven't said those are a billion distinct passwords

could be `select count(id),min(plaintext_pwd) from passwords`

result: Password1 | billion


----------

