Russian hackers reportedly stole 1.2 billion passwords
From now on, let’s just assume we’ve all been hacked.
The New York Times reports that a gang of Russian hackers has amassed a collection of 1.2 billion usernames and passwords for online accounts, along with 500 million email addresses, gained from 420,000 different websites.
This staggering trove of user information was first uncovered by Milwaukee, Wis.-based cybersecurity firm Hold Security, which was also responsible for uncovering a hack that exposed millions of customer records held by Adobe last year.
“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” Hold Security founder Alex Holden told the Times. “And most of these sites are still vulnerable.”
Hold Security has said that the hackers haven’t appeared to sell many of the records online. Rather, they use the information to gain access to individual users’ social media accounts for sending out spam on behalf of their clients.
The group allegedly consists of only a handful of people operating out of a city in central Russia. They started as small-scale spammers in 2011, but eventually graduated to using botnets of computers secretly loaded with a piece of software that tests every website the infected machine visits for its susceptibility to a commonplace hacking technique called SQL injection. Once the group knew that a site's security could be compromised, they would attack it and take all the information they could.
The report did not name the group nor did it identify the specific city in which they are based.
Hold Security hasn’t made public which websites were compromised, citing non-disclosure agreements and the fact that many of the sites in question remain vulnerable to copycat attacks from other hackers. The list supposedly runs the gamut from small, independent operations to major sites people around the world use on a daily basis.
Aaron Sankin is a former Senior Staff Writer at the Daily Dot who covered the intersection of politics, technology, online privacy, Twitter bots, and the role of dank memes in popular culture. He lives in Seattle, Washington. He joined the Center for Investigative Reporting in 2016.