c0lo writes:
"Reuters reports that security company Hold Security LLC has uncovered stolen log in credentials from some 360 million online accounts that are available for sale on cyber black markets. Some of the more salient points in the article include:
The same source reports the stash was obtained in multiple breaches, but the log in credentials of 105 million accounts may have been taken in a single attack. If confirmed, this would make it the largest single breach to date.
Hold Security LLC is the same company that uncovered the Adobe customer data breach in October 2013."
(Score: 3, Interesting) by The Mighty Buzzard on Thursday February 27 2014, @03:33PM
My rights don't end where your fear begins.
(Score: 5, Informative) by Keldrin on Thursday February 27 2014, @03:39PM
That was credit card numbers. This article is talking about credentials, which include usernames and passwords for "major providers such as AOL Inc, Google Inc, Microsoft Corp and Yahoo Inc and almost all Fortune 500 companies and nonprofit organizations".
(Score: 5, Funny) by snick on Thursday February 27 2014, @03:40PM
That's great news. Now I can get that 3 digit SN uid that I just missed.
(Score: 0) by SurvivorZ on Friday February 28 2014, @04:41AM
Meh, I'm perfectly happy with my UID ;-)
(Score: 1) by WizardFusion on Friday February 28 2014, @10:16AM
Me too :)
(Score: 1) by SockPuppet on Friday February 28 2014, @06:26AM
Got some rare things on sale, stranger!
(No, I am not actually for sale.)
(Score: 4, Interesting) by frojack on Thursday February 27 2014, @07:52PM
Well, to be fair, the article didn't say what those companies are.
It did say: "He has not provided any information about the attacks to other cybersecurity firms or authorities but intends to alert the companies involved if his staff can identify them."
So that's pretty strange, he seems to have discovered some collections of usernames and passwords, but he can't or won't tell which sites they belong to, or if there is more than one company involved.
360 million log-ins is like Population of the United States sized.
So if it were a single company you are looking at Google or Yahoo or Apple sized companies.
No, you are mistaken. I've always had this sig.
(Score: 2) by Angry Jesus on Thursday February 27 2014, @08:33PM
So that's pretty strange, he seems to have discovered some collections of usernames and passwords, but he can't or won't tell which sites they belong to, or if there is more than one company involved.
Not so strange. Presumably he has usernames and passwords. Neither is sufficient to identify the site at which those usernames and passwords actually are registered. Given that people often use the same username/password combo at multiple sites, even if he were to surreptitiously test out a few at major sites, that still wouldn't be enough to conclude which sites had been compromised.
(Score: 2, Insightful) by Keldrin on Thursday February 27 2014, @09:39PM
From TFA: "The massive trove of credentials includes user names, which are typically email addresses, and passwords that in most cases are in unencrypted text."
So I would say you're correct. Having johndoe@microsoft.com:secretpa$$word will tell you that there is a Microsoft employee with the username johndoe, and if they reuse passwords then secretpa$$word may work for an account within Microsoft, but it doesn't mean that Microsoft is what was broken into. Maybe by "companies involved" they mean telling Microsoft that the johndoe account may be at risk, even though the leak came from some random video site or something that got hacked.
(Score: 0) by SurvivorZ on Friday February 28 2014, @04:44AM
It's obviously that Chinese Facebook site… Or the *real* Facebook, even better.
[Testing to see if SN.org supports UTF-8 ellipsis, unlike a similar site that shalln't be named. [Nope ;(( It's 2014, for crying out loud ;(]
(Score: 5, Funny) by mrwizrd on Thursday February 27 2014, @03:42PM
Where from?
What services are they for?
Have you informed anyone?
Thanks for the press release, Hold Security.
(Score: 5, Funny) by c0lo on Thursday February 27 2014, @03:56PM
Given that high number, maybe it is wise to change the passwords for services critical to you .. I don't know, at least soylentnews?
Just to be on the safish side, but with no warranties those guys won't breach again.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford