360 million newly stolen credentials on black market: cybersecurity firm

[InfoSec News <alerts () infosecnews org>]

http://www.reuters.com/article/2014/02/25/us-cybercrime-databreach-idUSBREA1O20S20140225

By Jim Finkle
Reuters
February 25, 2014

A cybersecurity firm said on Tuesday that it uncovered stolen credentials 
from some 360 million accounts that are available for sale on cyber black 
markets, though it is unsure where they came from or what they can be used 
to access.

The discovery could represent more of a risk to consumers and companies 
than stolen credit card data because of the chance the sets of user names 
and passwords could open the door to online bank accounts, corporate 
networks, health records and virtually any other type of computer system.

Alex Holden, chief information security officer of Hold Security LLC, said 
in an interview that his firm obtained the data over the past three weeks, 
meaning an unprecedented amount of stolen credentials is available for 
sale underground.

“The sheer volume is overwhelming,” said Holden, whose firm last year 
helped uncover a major data breach at Adobe Systems Inc in which tens of 
millions of records were stolen.

Holden said he believes the 360 million records were obtained in separate 
attacks, including one that yielded some 105 million records, which would 
make it the largest single credential breaches known to date.

[...]

--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/