Russian hackers have stolen a billion usernames and passwords in a huge raid

Russian hackers have stolen more than a billion usernames and passwords, including access to more than 542 million email addresses.

The huge data haul happened earlier this summer, according to the New York Times, and saw a hacking ring breach thousands of sites, stealing 1.2bn pieces of personal information.

“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” Alex Holden, the founder and chief information security officer of Hold Security, told the New York Times. “And most of these sites are still vulnerable.”

The discovery was made by a US security firm, which will not reveal the names of the websites. However, an independent expert said some of them were aware of the theft.

The data hasn’t been sold and experts think the hackers are using the information to spam social networks on behalf of other groups for a fee.

“Companies that rely on usernames and passwords have to develop a sense of urgency about changing this,” Avivah Litan, a security analyst at the research firm Gartner, told the New York Times. “Until they do, criminals will just keep stockpiling people’s credentials.”

Experts have reminded people to change their passwords and to not use the same passwords for every website (though haven’t explained how we’re supposed to remember hundreds of different ones).

Tweet me your thoughts @robynvinter
