Russian Gang Amasses Over A Billion Internet Passwords

[HardOCP News]

Yes folks, that headline says BILLION...with a B.

A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion username and password combinations and more than 500 million email addresses, security researchers say.

 

[Red Squirrel]

All I can think of is how terrible this "expert's" cable management is.

 

[Nenu]

Well then, theres no need for any more, they'll have a hard time getting through those.
Cyber crims had better give up collecting until they've sorted the backlog.

 

[TwistedAegis]

450M of those e-mail addresses are the same Russian hackers' fake accounts sending Nigerian 419 scams.

 

[dgingeri]

OK. Time to nuke Russia.

 

[Sergetto]

1 in a billion better worse than lotto odds

 

[gamerk2]

Passwords are not secure. End discussion.

If you don't want something known, don't put it on anything connected to the internet.

 

[Zepher]

Guy seems to know a lot about these russian dudes,

The hacking ring is based in a small city in south central Russia, the region flanked by Kazakhstan and Mongolia. The group includes fewer than a dozen men in their 20s who know one another personally — not just virtually. Their computer servers are thought to be in Russia.

“There is a division of labor within the gang,” Mr. Holden said. “Some are writing the programming, some are stealing the data. It’s like you would imagine a small company; everyone is trying to make a living.”

They began as amateur spammers in 2011, buying stolen databases of personal information on the black market. But in April, the group accelerated its activity. Mr. Holden surmised they partnered with another entity, whom he has not identified, that may have shared hacking techniques and tools.

 

[dandirk]

password1
password2

through

password1000000000

Wonder how they got mine?

 

[Ehren8879]

The number one source of spam on our system, due to compromised user credentials, is of Russian origins. People tend to have the same password for a very long time, unless persuaded to change it.

 

[B00nie]

Russia is the sess pool of all illegal and has always been. In many ways the world would have been a much better place if the Soviet Union never collapsed. We would at least have the iron curtain. Not protecting them, but us.

 

[Gweenz]

Russia is the sess pool of all illegal and has always been. In many ways the world would have been a much better place if the Soviet Union never collapsed. We would at least have the iron curtain. Not protecting them, but us.

Methinks you have never been to Chicago.

 

[LeninGHOLA]

Methinks you have never been to Chicago.

Russia has triple the homicide rate compared to the US. It is also mostly run by crime syndicates. Plus, their human trafficking record is... shocking.

Chicago is pretty bad, but just not Russia bad.

 

[Mister Natural]

I've come to the conclusion that if you want to stay on top of this ongoing situation, you'll want to begin a policy of changing your passwords every 30 days on any account you have online.

 

[temujin987]

that is what some security company claims. as far as i can tell there is no proof. and said company wants money if you want to verify whether you had a security breach as well. and conveniently, it wasn't chinese hackers this time because right now russia is the #1 evil country right now. it's a scam and a load of BS imo.

 

[cptnjarhead]

Russia has triple the homicide rate compared to the US. It is also mostly run by crime syndicates. Plus, their human trafficking record is... shocking.

Chicago is pretty bad, but just not Russia bad.

wait, i thought you were still talking about chicago

 

[Zarathustra[H]]

I wonder when we will switch to certificate based authentication online...

I guess after reading this my thought is, what good is knowing this information to me, if I don't know which sites are affected, so I can go change my passwords?

 

[evilsofa]

Hold Security won't give anyone access to the full list. Website authors only get to find out if they're in the list by paying for a $120/year subscription; they are now being nice enough to extend a free 30 day trial for a $10/month subscription for individual consumers.

But wait! There's more! The offer was originally going to be $120 per month for everybody! Until pesky journalists started asking questions.

Whoo boy, this stinks of scam. File this one in the "disregard completely" bucket.

 

[Red Squirrel]

I've come to the conclusion that if you want to stay on top of this ongoing situation, you'll want to begin a policy of changing your passwords every 30 days on any account you have online.

Yeah I'm bad for that myself I rarely change my passwords. The non important ones like forums are not really a huge deal but I should change my SSH, email, domain registrar etc passwords much more often methinks.

 

[nightfly]

Let's see; my password for jpmorganchase is citicorp; my password for citicorp is tdnorth; my password for tdnorth is charlesschwab; and my password for charlesschwab is chase. All interposed with a bunch or random numerals, of course, and then jumbled. Backwards. A few times. Bah. just use my dog's name for all of them. of course, my dog's name is 0010001010000111110011001000001. I call him binary for short.

 

[Pkirk618]

well, I have an MSN email I don't use often. Sure enough, last night and two days ago attempts from inside Russia were made. They didn't get in but they tried.

 

[Pkirk618]

today's magic attempt comes from Switzerland.

 

[JaiWebb]

I just hope they hack into my bank account and see it's so low they decide it's a great place to temporarily store a million. Then, I'll get arrested for trying to spend it all.

 

[Conker]

We will see this dictionary file of all the passwords on a torrent some time soon i bet