Mar 05 360 Million Credentials for Sale to Crooks by Crooks. Black Market Info Bigger Risk to Companies and Consumers than Even Credit Card Data.
Because the stolen user names and passwords might be able to access online bank accounts, corporate networks, health records, etc., they’re more of a risk to consumers and companies than even stolen credit card data.
Security expert Alex Holden, who helped uncover the data breach at Adobe where tens of millions of records were stolen, said he believed the 360 million records were taken in separate attacks. In one of those attacks, 105 million records were stolen. If his information is accurate it would make it the largest single credential breach in history. No one knows for sure because the breaches weren’t made public by the companies involved. In fact those companies might not be aware there were breaches until notified by a third party about the attacks.
Holden observed that the difference between the Adobe breach and this one was that Adobe’s records had encrypted passwords whereas these usernames, email addresses and passwords were in plain text.
In his reuters.com article, Jim Finkle reported that the for sale email addresses are “from major providers such as AOL Inc, Google Inc, Microsoft Corp and Yahoo Inc and almost all Fortune 500 companies and nonprofit organizations.”
Heather Bearfield, who runs the cybersecurity practice for accounting firm Marcum LLP, said hackers can do far more harm with stolen credentials than with stolen payment cards, particularly when people use the same login and password for multiple accounts.
“They can get access to your actual bank account. That is huge.”
Holden also noted that in addition to the 360 million credentials, the criminals are selling some 1.25 billion email addresses. Just imagine all the diet aids, wrinkle cream and male enhancement kits spammers can push with all those addresses.
ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.
ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix™ Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.
The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.
For more information, visit www.threatmetrix.com or call 1-408-200-5755.