Hackpot: Russian gang hacked into more than one billion Internet accounts

It seems that online security is a myth nowadays, after a Russian gang hacked into more than one billion Internet accounts Tuesday.


Milwaukee-based firm Hold Security discovered that 1.2 billion username and password combinations and information from more than 500 email accounts were stolen by a group of hackers in Russia. In what has been called the largest known Internet theft, this latest data breach has impacted more than 420,000 websites worldwide.


The Russian gang is based in a small city near Mongolia, and began as amateur spammers in 2011. The New York Times reported that the group of hackers first relied on the black market for information. Then in April, the Russian gang slowly began to dismantle the security of websites around the world with SQL injection.


According to an article on Hold Security’s site, the Russian gang used a large group of virus-infected computers controlled by one criminal system, otherwise known as a botnet, to look for sites that were vulnerable to SQL injection. Next, the group of hackers would type commands into the databases of these sites to reveal their information. Once they acquired the data, the group hacked the accounts and sent spam advertising bogus products to collect money from their victims. However, it appears that no card information has been stolen at this time.


According to the Milwaukee Journal-Sentinel, Hold Security has not named any of the sites affected, both because of non-disclosure agreements with some companies and to keep other hackers from taking advantage of the affected sites while they remain vulnerable to an attack. Hold Security also said that the Russian gang is still retrieving data, and that it will offer its services to help the companies impacted by the breach. But its assistance will come at a price: Hold Security will be charging $120 for its service.


However, some writers question the legitimacy of Hold Security’s report. They found it too vague. Caroline Craig of InfoWorld and Forbes’ Kashmir Hill both said that Hold Security left out key information. For example, the name of the city and the name of the group were not released. The Verge’s Russell Brandom finds it odd that the gang went through all of that trouble only to clog your email boxes and Twitter feeds with spam.


So, should we be concerned? Yes. The number of mass data breaches in the last two years shows that the current security system we have is not good enough. According to Symantec’s blog, there were eight data breaches that affected millions of accounts, and the number of data breaches increased by 62 percent from 2012. It is time for an update.


Do we need to panic? Probably not. The short-term solution is simple. First, check your accounts. If you find any suspicious activity, have your bank cancel the card and give you a new one. If you find nothing wrong and are still worried, change the passwords to your accounts. Time Magazine also suggests avoiding using the same password for multiple accounts, especially the important ones.

Updated at 9:30 a.m.: An in-depth version of an earlier story.