Your forum username:
Do you already have an account?
Forgot your password?
  • Log in or Sign up


    Welcome to Sky User - The Unofficial Support Forum for everything Sky! - Proudly helping over 65k members.


    Advertisement

    Results 1 to 5 of 5

    Russia gang hacks 1.2 billion usernames and passwords

    This is a discussion on Russia gang hacks 1.2 billion usernames and passwords within the General Computing and Internet forums, part of the Community channel category; BBC News - Russia gang hacks 1.2 billion usernames and passwords A Russian group has hacked 1.2 billion usernames and ...

    1. #1
      Scubbie's Avatar
      Scubbie is offline Sky User Moderator
      Exchange: 02392
      Broadband ISP: Sky Fibre Unlimited
      Router: Sky Q Hub ER110
      Sky TV: Sky+HD box
      Join Date
      Mar 2010
      Location
      Near Portsmouth
      Posts
      28,084
      Thanks
      828
      Thanked 2,207 Times in 2,076 Posts

      Russia gang hacks 1.2 billion usernames and passwords

      BBC News - Russia gang hacks 1.2 billion usernames and passwords
      A Russian group has hacked 1.2 billion usernames and passwords belonging to more than 500 million email addresses, according to Hold Security - a US firm specialising in discovering breaches.

      Hold Security described the hack as the "largest data breach known to date".

      It claimed the stolen information came from more than 420,000 websites, including "many leaders in virtually all industries across the world".

      Hold Security did not give details of the companies affected by the hack.

      "They didn't just target large companies; instead, they targeted every site that their victims visited," Hold Security said in its report.

      "With hundreds of thousands of sites affected, the list includes many leaders in virtually all industries across the world, as well as a multitude of small or even personal websites."

      The New York Times, which first reported the findings, said that on its request "a security expert not affiliated with Hold Security analysed the database of stolen credentials and confirmed it was authentic".

      "Another computer crime expert who had reviewed the data, but was not allowed to discuss it publicly, said some big companies were aware that their records were among the stolen information," the paper said.

      The paper added: "Hold Security would not name the victims, citing nondisclosure agreements and a reluctance to name companies whose sites remained vulnerable."

      The Wall Street Journal later revealed that Hold Security intended to offer website owners the ability to check whether they had been affected, but only if they paid a fee.

      The firm initially posted a message on its site saying it would charge $120 (71) a month for the "breach notification service", however the details have since been replaced with a message saying "coming soon!".

      One computer security expert said he was surprised by this approach.

      "This situation is quite unusual in that the company has decided to charge for this information," Dr Steven Murdoch from University College London's computer science department told the BBC.

      "Usually they would do an initial disclosure [of who had been affected] for free and then offer their services for a fee at a later stage.

      "The company rightly points out that there is going to be a huge amount of work to securely contact all the affected websites, but a common solution to this is to partner with a government or industry-funded organisation to help with that."

      Despite the large amount of credentials said to have been compromised, Dr Murdoch added that it would be premature to advise the public to reset all their passwords.

      "Although there's a large amount of passwords involved, a lot of them could be irrelevant and many of the websites tiny," he said.

      "It's not necessarily the case that a large proportion of internet users have been affected. Until we get more statistics we won't know that.

      "So, there's no reason to panic now, but perhaps it's a good reminder to follow best practice of not using the same password on multiple websites, because this will not be the last time such a breach happens."

      Multi-pronged attack?

      Hold Security, which has previously reported about hacks on Adobe and Target, said it took more than seven months of research to discover the extent of the latest hack.

      The firm claimed the gang initially acquired databases of stolen credentials from fellow hackers on the black market.

      "These databases were used to attack e-mail providers, social media, and other websites to distribute spam to victims and install malicious redirections on legitimate systems," Hold Security said.

      The hackers also got access to data from botnets - a network of computers infected with malware to trigger online fraud.

      Hold Security said the botnets helped the hacking group - which it dubbed CyberVor - identify more than 400,000 websites that were vulnerable to cyber attacks.

      "The CyberVors used these vulnerabilities to steal data from these sites' databases," the firm said.

      "To the best of our knowledge, they mostly focused on stealing credentials, eventually ending up with the largest cache of stolen personal information, totalling over 1.2 billion unique sets of e-mails and passwords."


    2. Advertisement
    3. #2
      Isitme's Avatar
      Isitme is offline Sky User Moderator
      Exchange: Bannockburn
      Broadband ISP: Sky Fibre Unlimited
      Router: Sky Hub SR102
      Sky TV: Sky+ HD
      Join Date
      Dec 2006
      Location
      Central Scotland
      Posts
      34,256
      Thanks
      65
      Thanked 1,655 Times in 1,616 Posts

      Re: Russia gang hacks 1.2 billion usernames and passwords

      The Wall Street Journal later revealed that Hold Security intended to offer website owners the ability to check whether they had been affected, but only if they paid a fee.
      A bit like ransomeware then! Makes you wonder if it were really the Russians who hacked the sites.

      TomD


      Please note the views and recommendations in my posts are my own and in no way reflect the views of SkyUser.


      Useful Utilites

      http://www.nirsoft.net/utils/wifi_information_view.html/ TCPOptimiser /Test Socket

      Note - When downloading always select the Custom install or you will end up with stuff you don't want.





    4. #3
      Scubbie's Avatar
      Scubbie is offline Sky User Moderator
      Exchange: 02392
      Broadband ISP: Sky Fibre Unlimited
      Router: Sky Q Hub ER110
      Sky TV: Sky+HD box
      Join Date
      Mar 2010
      Location
      Near Portsmouth
      Posts
      28,084
      Thanks
      828
      Thanked 2,207 Times in 2,076 Posts

      Re: Russia gang hacks 1.2 billion usernames and passwords

      With everything else going on at the moment, I can't see why someone can't just disconnect all access to the Internet from certain countries until further notice.

      I know that during the 'Arab Spring' this was done by the respective Governments to stop the citizens from advertising what they are doing, but in this case I would argue that our personal security is at risk from the respective Governments.

      Sky Fibre Unlimited Pro: Connected at 80,000 kbps / 20,000 kbps
      Previous ADSL2+ Speed 19999 kbps 1153 kbps, Line Attenuation 17.5 db 6.9 db, Noise Margin 7.5 dB 8.7 dB
      Speedtest: 17.15MB/s 0.97Mb/s Ping 31 ms

    5. #4
      gymno's Avatar
      gymno Guest
      Exchange:
      Broadband ISP:
      Router:
      Sky TV:

      Re: Russia gang hacks 1.2 billion usernames and passwords

      Because they'd be doing it every 5 minutes?

    6. #5
      bubblegun's Avatar
      bubblegun is offline Sky User Member
      Exchange: near Glasgow
      Broadband ISP: Sky ADSL
      Router: Billion 7400
      Sky TV: Sky Q 2TB
      Join Date
      Mar 2007
      Location
      Scotland
      Posts
      1,491
      Thanks
      24
      Thanked 123 Times in 118 Posts

      Re: Russia gang hacks 1.2 billion usernames and passwords

      Quote Originally Posted by Scubbie View Post
      With everything else going on at the moment, I can't see why someone can't just disconnect all access to the Internet from certain countries until further notice.

      I know that during the 'Arab Spring' this was done by the respective Governments to stop the citizens from advertising what they are doing, but in this case I would argue that our personal security is at risk from the respective Governments.
      The internet is the best tool the "West" have to change things in Russia, cutting them off from the rest of the internet isn't going to do anything other than make it worse.

      Things like this are collateral damage.

      There are obviously "gangs" doing this in the "West" but they're not stupid enough to proclaim it publicly otherwise how will they make money off it?
      It's possibly admirable that they are letting people know they have this information before they steal from them.
      Last edited by bubblegun; 07-08-14 at 05:54 AM. Reason: punctuation and grammar

     

     

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •  
    SkyUser - Copyright © 2006-2017. SatDish and NewsreadeR | SkyUser is in no way affiliated with Sky Broadband / BSkyB
    RIPA NOTICE: NO CONSENT IS GIVEN FOR INTERCEPTION OF PAGE TRANSMISSION