Unfortunately, stories of major data breaches are the norm in today’s news cycle. However, what often gets left out of the story is how the hacker profits from the stolen data. In the case of a recent major hack in Russia of more than one billion credentials, what the hacker did with all of this data has us scratching our heads.
The bizarre case is reported by Alex Holden of Hold Security, who was alerted to the hack by reading about it on an online forum–posted by the hacker himself! Right away, this move comes off as odd, seeing as most hackers try their darndest to keep their handiwork under wraps for as long as possible. After all, the longer a data breach goes undetected, the more valuable the stolen data will be on the black market.
What’s more, the sheer size of this hack is mind boggling, with more than a billion credentials stolen from the Russian service Mail.ru, along with additional account information from Google, Yahoo, Microsoft, and other major email providers from countries such as China and Germany. In total, 1.17 billion records from these services were lifted, which included username and password combinations from U.S.-based accounts connected with major banks, retailers, and manufacturers.
For a haul this large, the hacker could have had himself a major payday. Yet, his asking price for the cache was a mere 50 rubles (less than one American dollar).
Holden responded by haggling for possession of the stolen data, refusing to pay any money. Instead, he was able to convince the hacker to turn over all of the stolen credentials in exchange for a few “likes” on a social media page.
However, just because the credentials have been turned over to Hold Security, doesn’t mean that the hacker hadn’t previously turned them over to other parties with nefarious purposes in mind. Further data breaches could result from this one major breach, and additional hackers can use information from the stolen credentials to engineer new ways of accessing new accounts. Reasons like this are why you should always be vigilant when it comes to protecting your online identity.
To protect online accounts from hackers, be sure that you, your IT team and everyone who is able to access your establishment’s network follow best security practices. These simple measures will go a long way toward keeping your account safe, should your credentials ever be compromised.