If the hacking of personal accounts from Target stores scared you, you better sit down.
Cybersecurity firm Hold Security, LLC is reporting it found a huge cache of 360 million stolen account credentials on an Internet site that sells stolen account and credit card information in a black market arrangement.
Hold Security, LLC is the same company that discovered the hack of Adobe Systems last year. Hold Security informed Reuters that they have been collecting data on this current discovery for the past three weeks and that “the sheer volume is overwhelming.” If some of the username and password combinations can unlock bank accounts, medical records, or corporate networks and enterprise systems, the data breach could potentially cause bigger problems for consumers than stolen credit card numbers would.
Within the 360 million account credentials, 105 million seem to come from a single cyber attack, and if they did, that data represents the largest single data collection breach ever. Ever. Alex Holden, the chief information security officer at Hold Security, told Reuters that he thinks the data is from companies that have not yet announced that they were hacked or do not yet realize it. He said that once Hold Security processes the data, it will alert companies that seem to have been compromised. Most of the data takes the form of unencrypted email addresses and passwords from email providers like AOL, Google, Microsoft, Yahoo, everyone.
For some context, the Target hack from last fall compromised 40 million credit card numbers and 70 million accounts in all. The Neiman Marcus hack, revealed in January, was even bigger, with 1.1 million customers affected over a three-month period (so not a one-time attack).
With that in mind, if data about 360 million personal accounts is just chilling on a black market site somewhere, that’s a newsworthy item that has yet to be broadcast widely.
It’s expected that as word spreads the mainstream news will have no choice but to inform the general public of the massive breach and provide advice on how to safeguard any funds that could be accessed through compromised information.
Disclaimer: On January 4, 2016, the owner of WestEastonPA.com began serving on the West Easton Council following an election. Postings and all content found on this website are the opinions of Matthew A. Dees and may not necessarily represent the opinion of the governing body for The Borough of West Easton.