Seems like just about everyone thought that the massive Target data breach earlier this year would be the biggest for a while. Yet only a matter of weeks later, eBay announced a data breach that was even bigger.
Now we’re learning of a hacker haul that makes those earlier breaches look like chump change. Security researchers in Milwaukee revealed that they’ve been monitoring a hacking gang operating from a small Russian town, and found the gang had managed to amass a database of more than 1.5 billion stolen credentials.
Here’s just a sample of what the investigators learned about the hackers, and the implications of their haul:
This is way worse. Target was a determined and slightly lucky attack on just one company. The information in the Russian hack is believed to have been stolen from close to half a million websites, ranging from Fortune 500 firms to tiny businesses.
According to researchers, most of those websites coughed up valuable information because they had vulnerabilities that had not been spotted and patched in time. But worse than that, the researchers are refusing to identify the websites involved because, they claim, most of the sites are still unpatched and vulnerable.
And while the Target breach consisted mainly of credit and debit card numbers that could easily be cancelled and replaced, it’s not so easy to change an email address you might have been using for years. And those stolen email addresses have probably been widely used for everything from spamming to phishing.
Contact SiteLock today to learn how website security completes the security puzzle and helps prevent the spread of malware and botnets.
Google Author: Neal O’Farrell