Russian Criminals Obtain Passwords and More in Massive Hack

Hold Security, an Internet security research firm in the U.S., discovered a Russian crime ring has stolen an unprecedented amount of Internet credentials, including 1.2 billion user names and passwords, and more than 500 million email addresses. The hackers targeted websites from multiple countries and a range of businesses, from Fortune 500 companies to small websites. The crime ring is currently using the information to send spam through social networks for a fee.

news_02_smallAccording to The New York Times, Hold Security has alerted the affected companies, but they were unable to reach some of the site owners and many of the websites are still vulnerable.

“The ability to attack is certainly outpacing the ability to defend,” said Lillian Ablon, a security researcher at the RAND Corporation. “We’re constantly playing this cat and mouse game, but ultimately companies just patch and pray.”

Hold Security believes there is no connection between the Russian government and the hackers. The firm plans to alert Russian law enforcement, but the government has rarely pursued hackers. Currently, the Russian hackers are not selling their stolen information to use for identity theft.

This security breach across several websites is the largest known hack. Last year, an identity theft service in Vietnam stole up to 200 million personal records from Court Ventures. Eastern European hackers also hacked the retailer Target late last year, taking 40 million credit card numbers and personal information for 70 million people.

That hack cost Target and the financial institutions millions. According to The Wall Street Journal, the retailer paid $148 million in expenses related to the security breach. However, Target is expecting to get $38 million back as part of an insurance payout. Financial institutions spent more than $200 million in response to Target’s hack.

According to a study published by the Ponemon Institute and IBM, security breaches have become more costly. The average cost of a data breach increased 15 percent since last year, from $3.1 million to $3.5 million.