c0lo writes:
"Reuters reports that security company Hold Security LLC has uncovered stolen log in credentials from some 360 million online accounts that are available for sale on cyber black markets. Some of the more salient points in the article include:
The same source reports the stash was obtained in multiple breaches, but the log in credentials of 105 million accounts may have been taken in a single attack. If confirmed, this would make the largest single breach to date.
Hold Security LLC is the same company that uncovered the Adobe customer data breach in October 2013."
(Score: 2) by Angry Jesus on Thursday February 27 2014, @08:33PM
So that's pretty strange, he seems to have discovered some collections usernames and passwords, but he can't or won't tell which sites they belong to, of if there is more than one company involved.
Not so strange. Presumably he has usernames and passwords. Neither are sufficient to identify the site at which those usernames and passwords actually are registered. Given that people often use the same username/password combo at multiple sites, even if he were to surreptitiously test out a few at major sites, that still wouldn't be enough to conclude which sites had been compromised.
(Score: 2, Insightful) by Keldrin on Thursday February 27 2014, @09:39PM
From TFA: "The massive trove of credentials includes user names, which are typically email addresses, and passwords that in most cases are in unencrypted text."
So I would say you're correct. Having johndoe@microsoft.com:secretpa$$word will tell you that there is a Microsoft employee with the username johndoe, and if they reuse passwords then secretpa$$word may work for an account within Microsoft, but it doesn't mean that Microsoft is what was broken into. Maybe by "companies involved" they mean telling Microsoft that the johndoe account may be at risk, even though the leak came from some random video site or something that got hacked.
(Score: 0) by SurvivorZ on Friday February 28 2014, @04:44AM
It's obviously that Chinese Facebook site… Or the *real* Facebook, even better.
[Testing to see if SN.org supports UTF-8 ellipsis, unlike a similar site that shalln't be named. [Nope ;(( It's 2014, for crying out loud ;(]