This week, Russian hackers stole the largest known collection of emails, passwords and usernames, with the haul consisting of 1.2 billion username and password combinations, along with over half a billion email addresses. In this article, a number of key players in the security industry comment on what this means for the digital sector, and how to prevent further breaches in the future.
On Tuesday night, Russian hackers stole 1.2 billion user name and password combinations, hitting big name websites “in virtually all industries across the world”.
Hold Security, based in Milwaukee, says the ‘Cybervor’ gang stole the information from 420,000 web and FTP sites- a stark reminder that marketers can’t skimp on tech areas like security and testing in the rush to launch online services- potentially putting valuable customer data at risk.
So far it appears little of the information has been sold to other online criminals. Instead, it is being used to send marketing pitches and junk messages on social networks such as Twitter.
TK Keanini, CTO at Lancope,said: “There is a glutton of credentials always floating around the black market and because of this fact, security professionals need more than just traditional detection signatures looking for exploits and attacks because the adversary is just going to login to your network normally. In particular, defenders need anomaly detection methods as it is the only way to discovery this abuse in its early stages.”
Mark Bower, VP at Voltage Security, commented: “This sounds all too familiar: weakly secured sites, preventable vulnerabilities that aren’t patched, and automated botnets to exploit them yielding massive troves of identity data suitable for a ruthless secondary online system attacks at tremendous scale. Yet more evidence the bad guys are winning big at consumers’ expense who will foot the bill for this in the end like a hidden tax. Clearly it’s time to change the game in data-security and neutralize data-breach risks instead of paying the heavy price when sensitive data falls into the wrong hands all too easily.”
Michael Sutton, VP of security research at Zscaler, added: “With 420,000 sites infected, it will be impossible to work with all of the impacted companies and ensure that the vulnerabilities that led to the breaches are ultimately patched. Many will remain vulnerable for some time, if not indefinitely. The attackers crowd sourced the hacking, leveraging botnet infected computers to do the heavy lifting for them and identify sites vulnerable to SQL injection attacks. This is yet another warning of the dangers of using the same credentials on multiple sites. Consumers should assume that sites they trust will be breached at some point. If they use different credentials on all sites, at least they can limit the damage. Fortunately, there are many tools/services available so that users don’t have to remember dozens of different passwords.”