Dev.SN ♥ developers

posted by Cactus on Thursday February 27 2014, @11:30AM
from the uses-same-password-for-everything dept.

c0lo writes:

"Reuters reports that security company Hold Security LLC has uncovered stolen login credentials from some 360 million online accounts that are available for sale on cyber black markets. Some of the more salient points in the article include:

  • The data was made available over the past three weeks, meaning an unprecedented amount of stolen credentials are available for sale underground.
  • The security firm is unsure where the credentials came from or what they can be used to access; the worst case scenario may include online bank account and private health records.
  • The credentials were stolen in breaches that have yet to be publicly reported. The companies attacked may be unaware for the present.

The same source reports the stash was obtained in multiple breaches, but the login credentials of 105 million accounts may have been taken in a single attack. If confirmed, this would make it the largest single breach to date.

Hold Security LLC is the same company that uncovered the Adobe customer data breach in October 2013."

  • (Score: 5, Interesting) by Anonymous Coward on Thursday February 27 2014, @11:50AM (#8016)

    Companies need to be held criminally responsible for data breaches like these. Designers / administrators who sign off on systems that lose customer data should be personally fined or reprimanded by their professional organizations.

    If customer data is a) stolen, and b) not encrypted / salted / etc., then someone was negligent. The web is no longer the wild west; computer security is no longer an academic concern.

  • (Score: 5, Funny) by c0lo (156) on Thursday February 27 2014, @12:02PM (#8027)

    > The web is no longer the wild west

    Believe me, it is far more than the wild west.
    Want proof? I can guarantee they didn't have as many individual hookers as there are pr0n sites today.

  • (Score: 1) by SuperCharlie (2939) on Thursday February 27 2014, @01:15PM (#8051)

    My tinfoil hat tells me it is more likely that undisclosed vulnerabilities are used at this scale than sloppy coding/security. The kind that sell on the black market and are hoarded by "other" entities.

    • (Score: 4, Funny) by bd (2773) on Thursday February 27 2014, @02:14PM (#8074)

      > My tinfoil hat tells me it is more likely that undisclosed vulnerabilities are used at this scale

      Confused here... I thought the hat was intended to make the voices go away?!

  • (Score: 5, Interesting) by Buck Feta (958) on Thursday February 27 2014, @01:33PM (#8063)

    > Designers / administrators who sign off on systems

    Who would ever take one of these jobs then?
    • (Score: 5, Interesting) by SMI (333) on Thursday February 27 2014, @01:40PM (#8067)

      Yeah, really. Eventually the omniscient upper-management, who are responsible for oversight, ought to have to be held accountable. Not any time soon, obviously, but eventually!

    • (Score: 0) by Anonymous Coward on Thursday February 27 2014, @08:50PM (#8184)

      Not like they usually get to sign off on systems themselves. They're more likely to be told to stuff their paranoia, and just get things done.