Hacked accounts anyone?

By Cameron Abbott and Giles Whittaker

Have you been hacked? If you are the user of a Google, Yahoo or Microsoft e-mail account then it is a possibility. Alex Holden, the founder and Chief Information Officer of Hold Security who discovered the hack has identified 272.3 million account credentials have been stolen. The majority of these accounts are users of Mail.ru which is Russia’s most popular e-mail service.

57 million Mail.ru account credentials had been hacked and Mail.ru “are now checking any combinations of usernames/passwords match users’ e-mails and are still active”, from initial checks there were no live combinations.

Google and Yahoo are yet to provide any response.

This recent hack, which was performed by a young Russian hacker who is more determined to become famous than rich from his recent efforts after only asking for 50 roubles (less than $1) for the entire dataset, is one of the biggest collection of stolen credentials since the attacks on major US banks and retailers two years ago. The information which was stolen, as suggest by Holden in an interview with Reuters is “potent [and] it is floating around in the underground…which can be abused multiple times.”

Some of the stolen credentials include those for employees of large US banking, manufacturing and retail companies. When considering that 22 percent of big data breaches come from stolen online credentials (according to a recent survey of 325 computer professional) and hacks of this nature typically allow for further break-ins or phishing attacks by accessing the contacts of each hacked account, the domino effect of a hack such as this is substantial. Furthermore, individuals that like to re-use their preferred passwords across multiple accounts have exposed themselves to additional hacks.

So what is the take away message? According to Will Harwood, founder and Chief Technology Officer of Silicon SAFE, the solution as he told Infosecurity is to put the “password data in a dedicated hardware supported database that only allows data to be stored and compared, never revealed.”

For more of Will Harwood’s security suggestions and the Infosecurity article click here.

To read more about Alex Holden’s discovery of the Russian hacker click here.

Copyright © 2024, K&L Gates LLP. All Rights Reserved.