Hackers have stolen up to 542 million unique email addresses according to Hold Security of Minneapolis, Minnesota. The breech is the largest known cache of stolen personal information ever. The gang steeling the addresses used a network of zombie computers that were infected with a virus to steal 1.2 billion user name and password combinations, along with 500 million email addresses from 420,000 websites. The group consisting of fewer than 12 men in their 20s worked from south central Russia in an area located between Kazakhstan and Magnolia. Hold says they cannot say if banking and other financial accounts have been hacked. Many of the companies that have been breached are Fortune 500 companies. These companies are more vulnerable in some cases because consumers trust them more and are more likely to give them their information.
While initial reports were that most of the sites that were hacked were from Russia, according to Hold Security, 420,000 websites around the world were hacked. This has prompted Hold Security to remind everyone to go in and change his or her passwords and user names. In addition, users should be extremely careful about giving this information to anyone. Part of the problem is that these hackers are working in countries where Western law enforcement cannot operate, and it is unlikely that Russia will turn over the culprits to Western law enforcement.
Despite the attacks, Avivah Litan with security firm Gartner who is working with Hold Security says that most of the websites have not upgraded their website security. Lillian Ablon who researches Internet security options for the RAND Corporation says, “The ability to attack is certainly outpacing the ability to defend. We’re constantly playing this cat and mouse game, but ultimately companies just patch and pray.” It would now appear that some have even given up on the patching leaving users to defend themselves.
Responsible companies are spending up to $3.5 million dollars per breech. They are, in fact, spending about 15 percent more this year than they did last. Much of this money is spent trying to stop the hackers before they get the information in the first place. Most financial institutions have discovered algorithms to help them detect fraudulent activity.
Hold says that the main threat is that the hackers will use the information to steal identities. They can use the information to obtain passports, social security cards and start new identities. Some people are unaware for years that their identities have been stolen further complicating matters.