The Password Apocalypse has Happened and ThreatMetrix Predicted It

Posted on August 6th, 2014 by Dan Rampe


Russian Crime Ring Rips Off 1.2 Billion Username/Password Combos and More than Half-a-Billion Email Addresses

The crime is mind-boggling. It’s as if one in every seven people on the planet had been burglarized. The gang, which breached 420,000 websites ranging from obscure sites to household names, was discovered by Hold Security.

Alex Holden, Hold Security’s founder and chief information security officer, said, “Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites. And most of these sites are still vulnerable.”

ThreatMetrix predicted this would happen as early as 2013, when Alisdair Faulkner, ThreatMetrix chief products officer, wrote: “2013: The Year of the Password Apocalypse.”

Early this year Andreas Baumhof, ThreatMetrix chief technology officer, wrote on the same subject, “3 Steps Businesses Can Take to Guard Against ‘Password Apocalypse’ in Wake of Data Breaches.”

And finally, ThreatMetrix provided you with an infographic titled “Data Breach! What Happens Next.”

In their story, Nicole Perlroth and David Gelles explore the background and ramifications of this unprecedented and wide-ranging security breach. The following has been excerpted from their piece and edited to fit our format. You may find their full article by clicking on this link.

[The] size of the latest discovery has prompted security experts to call for improved identity protection on the web.

“Companies that rely on usernames and passwords have to develop a sense of urgency about changing this,” said Avivah Litan, a security analyst at Gartner, the research firm. “Until they do, criminals will just keep stockpiling people’s credentials.”

Websites inside Russia had been hacked, too, and Mr. Holden said he saw no connection between the hackers and the Russian government. He said he planned to alert law enforcement after making the research public, though the Russian government has not historically pursued accused hackers.

So far, the criminals have not sold many of the records online. Instead, they appear to be using the stolen information to send spam on social networks like Twitter at the behest of other groups, collecting fees for their work.

But selling more of the records on the black market would be lucrative.

The hacking ring is based in a small city in south central Russia, the region flanked by Kazakhstan and Mongolia. The group includes fewer than a dozen men in their 20s who know one another personally — not just virtually. Their computer servers are believed to be in Russia.

“There is a division of labor within the gang,” Mr. Holden said. “Some are writing the programming, some are stealing the data. It’s like you would imagine a small company; everyone is trying to make a living.”

They began as amateur spammers in 2011, buying stolen databases of personal information on the black market. But in April, the group accelerated its activity. Mr. Holden surmised they partnered with another entity, whom he has not identified, that may have shared hacking techniques and tools.

Since then, the Russian hackers have been able to capture credentials on a mass scale using botnets…. Any time an infected user visits a website, criminals command the botnet to test that website to see if it is vulnerable to… a SQL injection [where] a hacker enters commands that cause a database to produce its contents. If the website proves vulnerable, criminals flag the site and return later to extract the full contents of the database.

“They audited the Internet,” Mr. Holden said. It was not clear, however, how computers were infected with the botnet in the first place.

By July, criminals were able to collect 4.5 billion records — each a username and password — though many overlapped. After sorting through the data, Hold Security found that 1.2 billion of those records were unique. Because people tend to use multiple emails, they filtered further and found that the criminals’ database included about 542 million unique email addresses.

The average total cost of a data breach jumped 15 percent this year from last year, to $3.5 million per breach, from $3.1 million, according to a joint study last May, published by the Ponemon Institute, an independent research group, and IBM.

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blog, Facebook, LinkedIn and Twitter pages.



2013: The Year of the Password Apocalypse

Posted on November 25th, 2013 by Dan Rampe

ThreatMetrix Offers Advanced Cybercrime Prevention Measures in Response to the Many Data Breaches throughout 2013

San Jose, Calif. – November 25, 2013 – ThreatMetrix™, the fastest-growing provider of integrated cybercrime solutions, today announces several strategies businesses can implement in place of passwords to prevent data breaches and other cybercrime risks. Sophisticated cybercriminals have figured out several ways to take advantage of weak login information and easily decodable password hints to compromise hundreds of millions of accounts, leading to the downfall of passwords.

Passwords have proven to be an ineffective system of protecting personal account information, and online businesses should seek alternative methods for protecting their customers. Recent high-profile data breaches – including those of Adobe and LivingSocial – have compromised more than 130 million customer accounts.

Following recent data breaches, companies now walk the fine line between increasing cybersecurity to protect sensitive account data and alienating their customers through arduous screening processes. Some businesses implement layered strategies such as two-factor authentication to ward off attackers while others aren’t heightening their security measures at all for fear of inconveniencing customers – and both methods are a mistake.

“Retailers are caught between a rock and a hard place. They loathe introducing speed bumps, such as resetting passwords or requiring two-factor authentication, as these steps pose an inconvenience to their customers,” said Alisdair Faulkner, chief products officer at ThreatMetrix. “It’s crucial to adapt effective technologies that can quickly identify potential threats without negatively impacting the user experience for customers.”

Many companies now find themselves searching for the balance between cautious and intrusive. ThreatMetrix offers these recommendations for retailers and businesses to protect their customers above and beyond passwords:

Integrate Login and Payment Screening to have a single view of the customer, whether they do a guest checkout on a friend’s iPad or use a registered credit card on their mobile. Most retailers do not have automated means for sharing risk profiles between their fraud and security operations, a gap that not only lets hackers through but can also lead to false positives.

Leverage Shared Intelligence Networks to passively recognize both valuable customers and cyber threats based on anonymized shared intelligence of device and persona reputation and behavior. A consortium view makes it easy to detect out-of-pattern or out-of-context behavior based on past transactions on other websites.

Implement Trust Tags to associate user accounts and devices with additional context by tagging, for example, whether a registered user’s email and password were compromised on another site.

The risk of relying on passwords as a preventative strategy is that once account login information is obtained, cybercriminals gain access to personal data that can be used for committing bank fraud or spreading malicious software. Once an attacker has a username and password, the possibilities for fraud are endless, especially if the same information is used for multiple accounts. Of all industries that use passwords as a primary means to protect user accounts, retailers tend to see an increase in activity during busy shopping periods throughout the year. With a high volume of transactions due to holiday shopping, it is even more important for retailers to differentiate between trusted users and cyber threats at this time of year.

“Stored credit cards are the shortest path between criminals and cash this holiday season,” said Faulkner. “Consumers that store credit cards online or use the same login information across sites might as well hand their account information to cybercriminals. However, the bulk of the responsibility falls on retailers, who must implement a comprehensive cybercrime protection platform that differentiates between suspicious and authentic transactions without inconveniencing customers.”

With the holiday season under way, retailers and consumers must be more cautious than ever and avoid depending on passwords to protect account information. Instead, retailers and other businesses operating online can leverage such technology as the ThreatMetrix™ Global Trust Intelligence Network (The Network), the most comprehensive data repository that profiles tens of millions of users, to process hundreds of millions of login, payment and wire transfers every month. Overall, businesses must face the reality that the password is dead and more effective strategies must be put in place to protect transactions.

About ThreatMetrix

ThreatMetrix secures Web transactions against account takeover, payment fraud, identity spoofing, malware, and data breaches. The ThreatMetrix Global Trust Intelligence Network, which analyzes 500 million monthly transactions, provides context-based authentication and Web fraud prevention to help companies accelerate revenue, reduce costs and eliminate friction. ThreatMetrix protects more than 1,900 customers and 9,000 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blog, Facebook, LinkedIn and Twitter pages.

© 2013 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts

Dan Rampe
Tel: 408-200-5716

Tory Patrick
WalkerSands Communications
Tel: 312-533-9823