Russian gang said to have collected over a BILLION stolen passwords.

MannDude · Aug 6, 2014

A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses, security researchers say.

The records, discovered by Hold Security, a firm in Milwaukee, include confidential material gathered from 420,000 websites, including household names, and small Internet sites. Hold Security has a history of uncovering significant hacks, including the theft last year of tens of millions of records from Adobe Systems.

Hold Security would not name the victims, citing nondisclosure agreements and a reluctance to name companies whose sites remained vulnerable. At the request of The New York Times, a security expert not affiliated with Hold Security analyzed the database of stolen credentials and confirmed it was authentic. Another computer crime expert who had reviewed the data, but was not allowed to discuss it publicly, said some big companies were aware that their records were among the stolen information.

Read more at the source: http://www.nytimes.com/2014/08/06/technology/russian-gang-said-to-amass-more-than-a-billion-stolen-internet-credentials.html

Kayaba Akihiko · Aug 6, 2014

Fuck is that scary...

drmike · Aug 6, 2014

Welcome to the internet, we own your bases.

DomainBop · Aug 6, 2014

the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses

That's not true. The NSA has the largest known collection of illegally obtained Internet credentials...

sv01 · Aug 6, 2014

https://krebsonsecurity.com/2014/08/qa-on-the-reported-theft-of-1-2b-email-accounts/

SPINIKR-RO · Aug 7, 2014

Media seems to be running with this headline but it doesnt really sound like much of a story to me.

DomainBop · Aug 7, 2014

Hold Security is already capitalizing on the panic, charging a $120-per-year subscription to anyone who wants to check if their name and password are on the list. Hold says it's just trying to recoup expenses, but there's something unseemly about stoking fears of cybercrime and then asking concerned citizens to pay up...

http://www.theverge.com/2014/8/6/5973729/the-problem-with-the-new-york-times-biggest-hack-ever

SPINIKR-RO · Aug 7, 2014

LastPass is free as long as you pay the $12/yr for premium. They have a tool that runs any of your stored emails through leaks. They are also warning people if passwords were last updated prior to heartbleed etc.

HalfEatenPie · Aug 7, 2014

SPINIKR-RO said:
LastPass is free as long as you pay the $12/yr for premium.

This sentence just made me lol

SPINIKR-RO · Aug 7, 2014

lol well I meant their credential leak feature. But yeah.

raindog308 · Aug 7, 2014

I assumed that "1.2 billion passwords amassed" means "we concatenated a bunch of previous leak files together".

TekStorm - Walter · Sep 4, 2014

Yeah that is scary, thats why i try to change my pass word on everything on a regular basis and keep a close eye on everything that is important. I work to long and to hard to let some one to walk away with it.

fixidixi · Sep 6, 2014

yeah but they havent said those are a billion distinct passwords

could be select count(id),min(plaintext_pwd) from passwords
result: Password1 | billion

Russian gang said to have collected over a BILLION stolen passwords.

MannDude

Just a dude

Kayaba Akihiko

New Member

drmike

100% Tier-1 Gogent

DomainBop

Dormant VPSB Pathogen

sv01

Slow but sure

SPINIKR-RO

New Member

DomainBop

Dormant VPSB Pathogen

SPINIKR-RO

New Member

HalfEatenPie

The Irrational One

SPINIKR-RO

New Member

raindog308

vpsBoard Premium Member

TekStorm - Walter

New Member

fixidixi

Active Member