Stories
Slash Boxes
Comments

Dev.SN ♥ developers

360 Million Newly Stolen Credentials on Black Market

posted by Cactus on Thursday February 27 2014, @11:30AM   Printer-friendly
from the uses-same-password-for-everything dept.

c0lo writes:

"Reuters reports that security company Hold Security LLC has uncovered stolen log in credentials from some 360 million online accounts that are available for sale on cyber black markets. Some of the more salient points in the article include:

  • The data was made available over the past three weeks, meaning an unprecedented amount of stolen credentials are available for sale underground.
  • The security firm is unsure where the credentials came from or what they can be used to access; the worst case scenario may include online bank account and private health records.
  • The credentials were stolen in breaches that have yet to be publicly reported. The companies attacked may be unaware for the present.

The same source reports the stash was obtained in multiple breaches, but the log in credentials of 105 million accounts may have been taken in a single attack. If confirmed, this would make the largest single breach to date.

Hold Security LLC is the same company that uncovered the Adobe customer data breach in October 2013."

 
This discussion has been archived. No new comments can be posted.
360 Million Newly Stolen Credentials on Black Market | Log In/Create an Account | Top | 1000 moderator points   | 39 comments | Search Discussion
Display Options Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 5, Interesting) by caseih on Thursday February 27 2014, @11:45AM

    by caseih (2744) on Thursday February 27 2014, @11:45AM (#8012)

    I wonder if there's a way to find out if any of my login credentials are in that list. Would be kind of nice if they had a way that we could search just for my login name's presence in the list.

    I used to google for a some of the digits of my credit card time or ssn to see if they existed out there in some document. Never have found anything that way.

    Starting Score:    1  point
    Moderation   +4  
       Interesting=4, Total=4
    Extra 'Interesting' Modifier   0  
    Total Score:   5  

  • (Score: 5, Informative) by mrwizrd on Thursday February 27 2014, @11:49AM

    by mrwizrd (2299) on Thursday February 27 2014, @11:49AM (#8014)

    You might check https://haveibeenpwned.com/ [haveibeenpwned.com].

    • (Score: 3, Interesting) by swisskid on Thursday February 27 2014, @12:59PM

      by swisskid (803) on Thursday February 27 2014, @12:59PM (#8045)

      This is cool, but I wonder how my account that I created in 2013 on Gawker got pwned in the 2010 hack.

    • (Score: 1) by ikanreed on Thursday February 27 2014, @01:31PM

      by ikanreed (3164) on Thursday February 27 2014, @01:31PM (#8062)

      This is the most useful website ever.

    • (Score: 5, Informative) by captain normal on Thursday February 27 2014, @03:25PM

      by captain normal (2205) on Thursday February 27 2014, @03:25PM (#8092)

      Sure...Like I'm going to just enter my user-name for all my email and other accounts into a field in some random site.

    • (Score: 0) by Anonymous Coward on Friday February 28 2014, @02:34AM

      by Anonymous Coward on Friday February 28 2014, @02:34AM (#8324)

      Of course I have. The best part about it is that when the NSA comes to drag me away, I can claim it was just a hacker in China.

  • (Score: 5, Funny) by Katastic on Thursday February 27 2014, @12:03PM

    by Katastic (3340) on Thursday February 27 2014, @12:03PM (#8029)

    >I wonder if there's a way to find out if any of my login credentials are in that list.

    Easy. Just type it here and I'll check. Don't worry, your password will just show up as ******* to us.

    • (Score: 5, Funny) by snick on Thursday February 27 2014, @12:45PM

      by snick (1408) on Thursday February 27 2014, @12:45PM (#8041)

      Oh great. How did you guess that my password is "*******" ?

    • (Score: 5, Funny) by olorin1 on Thursday February 27 2014, @01:16PM

      by olorin1 (2432) on Thursday February 27 2014, @01:16PM (#8054)

      Let's give this a shot: hunter1

    • (Score: 5, Funny) by marcello_dl on Thursday February 27 2014, @02:12PM

      by marcello_dl (2685) on Thursday February 27 2014, @02:12PM (#8073)

      My password IS "*******", you insensitive clod!

    • (Score: 3, Funny) by FuckBeta on Thursday February 27 2014, @03:32PM

      by FuckBeta (1504) on Thursday February 27 2014, @03:32PM (#8093) Homepage

      hunter2

      --
      Quit Slashdot...because Fuck Beta!

  • (Score: 5, Funny) by paddym on Thursday February 27 2014, @12:28PM

    by paddym (196) on Thursday February 27 2014, @12:28PM (#8035)

    No problem sir. Just input your username/password/website into this dialog and we can see if it matches any of the 360 million hashes we have on file. Ok, just wait a few minutes. Don't hit the back button, or check any of your pertinent accounts. We will be finishing our analysis in just a few minutes. Unfortunately, it appears your website is a match, and most of your data has been stolen. Fortunately, you can just pay $xxx to reinstate your account and have your password reset. Now you can feel confident that no one has access to your account. Like us on facebook and write a yelp review about your experience.