Billions of credentials stolen by Russian hacking ring
The inevitable always happens when it comes to the internet, a place where your data is never actually safe, no matter how many precautions you take. Privacy is the main concern of many, that’s why we employ the safest mail clients we can find, apps that make our data self-destruct, the safest browsers such as Tor or phone cases that encrypt our data. All in vain, apparently, since a Russian hacking ring has reportedly got hold of about 1.2 billion username and password combinations and over 500 million e-mail addresses.
So far, the stolen credentials have not been distributed or sold to anyone, as far as we know, but the hacking ring has started spamming social networks linked to the credentials. This Russian endeavor has been dubbed the largest internet credential theft in history, and all the info was supposedly gathered using SQL injections and botnets from over 400k websites. The targeted sites’ addresses have not been disclosed, naturally, but sources say that they are being notified to act.
In December 2013, we saw the second largest data breach in U.S. history, at Target. At the time, reporters and security researchers said that the breach was started by a single e-mail which went on to affect approximately 100 million people. That first e-mail was infected by malware, which remained undetected thanks to Target’s anti-malware protection being a scan-only program without firewall.
There have been increasingly frequent credential theft and hacking incidents in the past year, demonstrating both networks’ lack of security and hackers’ fine abilities to by-pass obstacles and get into network databases akin to those of Facebook and Twitter. The actual problem is that cyber criminals tend to linger in networks unnoticed for up to a year before acting on their advantages and collecting valuable data. What each hacker does with the data stolen varies, but is usually used to target advertisements or spread malware, but most importantly tries to use credit card information to steal money. The Russian hacking ring seems to be an experienced one, sources saying the group emerged around 2011 and has been localized somewhere near Mongolia, but has been ignored by authorities. Some have actually meddled with the thought that the group might be involved with the Russian intelligence service, which means… Things might be escalating and we hope these hackers acted alone, because no one wants to be spied on by Russian intelligence officers.
In any case, the recent data security breach demonstrates that we should be more careful when using our online identities, especially on sites like Amazon, Paypal or Target and only use trusted sources and credentials when managing banking and other services as well. Token and sms logins have proven themselves the safest options to log in into valuable accounts, so we suggest you choose those over complicated password made up of 17 different characters.