There's Something Suspicious About That Giant Russian Data Hack
The report was based on recent findings from security firm Hold Security, and the Times described the breach as "the largest known collection of stolen Internet credentials."
Newer reports, however, are skeptical of these claims. There are numerous details that Hold Security has not disclosed, such as whether or not the stolen data was encrypted (disguised as random characters for privacy purposes), which companies and websites had been affected by the attack, and which countries the information had been stolen from.What's more, Hold is charging a $120 subscription to their services in order to see whether or not you've been affected by the attack, as Forbes pointed out.
Joe Siegrist, CEO of password management platform LastPass, said that this could make Hold Security's findings seem suspicious. The fact that the firm is charging users a fee to see if their data has been compromised could be a red flag, but it's difficult to be sure without more information.
"It's just not how most people with breaches would react," he told Business Insider. "If you have this kind of data you want to help people and not kind of capitalize on them. It's definitely a little suspicious."
The timing is also coincidental, Siegrist said. Hacking experts and security researchers are currently gathered at the Black Hat USA security conference in Las Vegas. Another security conference called Def Con kicks off tomorrow too. It could be a ploy to generate buzz at a time when cyber security is already in the news.
"If he really does have all these leaks, he should be letting other security researchers look at it to help quantify what it is," Siergist said.
There's one detail, however, that may make the attack seem more massive than it might have been. CyberVor is believed to have obtained these stolen credentials over an extended period of time. As Hold Security writes in its explanation of the situation, which The Verge observed, the hacking ring gained data from other cyber criminals on the black market before spreading its own attacks.This means the CyberVors could have purchased some of those 1.2 billion credentials from other hackers -so the collection of credentials may not have entirely been the result of their attack.
Thus, it may not make make sense to directly compare this situation with the recent Target breach, in which hackers from Easter Europe stole 40 million credit card numbers, as the Times does in its story.
Although there are a lot of unanswered questions, here's a brief overview of what we do know about the breach based on information from Hold Security:
- The gang is believed to have amassed more than 1.2 billion unique password and username combinations and more than 500,000 email addresses.
- The hacking ring is said to have robbed 420,000 websites to obtain this information.
- The hackers have targeted both small personal websites and large companies, but Hold wouldn't disclose the names of any victims.
- According to The New York Times, some big companies are aware that their records have been stolen.
- The hackers are using botnets to obtain this information. Botnets allow hackers to affect thousands and thousands of computers with infected software that allows them to remotely control the victimized computer.
We've reached out to Hold Security to answer some of these questions. We'll update this article accordingly when we hear back.