More than a Billion Passwords Stolen by Russian Gang

Ready to change your passwords again?

If you didn’t bother changing your password when you heard about “Heartbleed” leaking passwords, you might want to consider changing your online passwords today. In the largest known collection of stolen internet credentials, a Russian tech gang has reportedly acquired an estimated 1.2 billion username and password combinations, along with over 500 email addresses.

A security firm based out of Milwaukee, Wisconsin conducted an 18-month study of the security breach. It has not announced specific sites that were hit, citing non-disclosure agreements and concerns for websites that may still be vulnerable. An independent security expert confirmed the claims as authentic.

The hackers used a large group of virus-infected “zombie” computers, whose owners were unaware of the infection and which a single operator could control, to test servers for SQL vulnerabilities.

When a vulnerability was discovered on a website or server, the hackers then executed SQL injections to send malicious commands to the website. In this way they were able to collect databases full of user names and passwords. Small and large websites have been affected worldwide by this hack.
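To show the flaw behind this kind of breach and its fix, here is an added example (not from the original article or the security firm's report). The table, function names and sample rows are constructed; it compares a query built by pasting user input into SQL text with a parameterized query.

```python
import sqlite3

def make_db():
    """Build an in-memory users table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b"), ("carol", "hash-c")],
    )
    return db

def lookup_vulnerable(db, username):
    # Flaw: user input is pasted into the SQL text, so a quote in the input
    # ends the string literal and the remainder is parsed as SQL.
    query = ("SELECT username, password_hash FROM users "
             "WHERE username = '" + username + "'")
    return db.execute(query).fetchall()

def lookup_safe(db, username):
    # Fix: a bound parameter is always treated as data, never as SQL.
    query = "SELECT username, password_hash FROM users WHERE username = ?"
    return db.execute(query, (username,)).fetchall()

def compare(db, username):
    """Return (rows from the vulnerable query, rows from the safe query)."""
    return lookup_vulnerable(db, username), lookup_safe(db, username)

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: an ordinary name, then one containing SQL syntax.
    for value in ("alice", "x' OR '1'='1"):
        vuln, safe = compare(db, value)
        print(f"{value!r}: concatenated query returns {len(vuln)} row(s), "
              f"parameterized query returns {len(safe)}")
```

With the second input, the concatenated query returns every row in the table, while the parameterized query matches nothing because the whole string is compared as a username.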

So far, the stolen data has only been sold in small quantities on the black market, and used to access social media to send out spam messages. Hold Security had originally offered to check for security breaches for a fee of $120 but seems to be revising its efforts after some criticism.

So what’s a person to do when it seems like keeping data secret is a losing battle?

  • Change your passwords, and make sure they are strong, secure passwords with capital letters, lower case letters, numbers, and special characters.
  • Businesses should run a check with the webmaster to see if their websites are vulnerable to SQL injection attacks.
  • Don’t use the same username/password combination for all the sites you access, particularly important ones like banking.
  • Don’t panic, and have a plan in place in case you are a victim of data theft.

For more information on keeping your data secure, visit our blog posts on Heartbleed, and Preventing your Email from Getting Hacked. Or you can contact us here at Appletree MediaWorks for more information.