Russian Credentials Breach

Posted On: Aug 22, 2014

A Russian gang has stolen an estimated 1.2 BILLION username/password combinations – along with more than 500 million email addresses. It is believed that 420,000 websites have been breached, both large and small companies. The attacks were automated, meaning that an array of computers contaminated with malware were programmed to hunt for network vulnerabilities, and then harvest specified information. Hackers have found a way to identify and exploit vulnerable systems to gain access to valuable assets – including internal databases.

The potential danger is that an email address and a password are often required for login, and many people use the same password for all the websites they frequent. The criminals also have user names, which many people also reuse on multiple sites. They also have their bots to program using the stolen credentials on targeted high value sites (read: financial).

Unfortunately, the crooks may have also stolen our trust. Now that they have the information needed to create fake profiles, we cannot be certain if requests to link or friend are actually from the person we know or the fake person. And responding to a request from the fake could expose our devices to malware links – infecting us without even knowing it.

Because a lot of the activity of the Russian criminals seems to link back to malicious Trojans downloaded to consumer computers and corporate networks, it is suggested to ensure your network is clean (as much as possible) from stealth Trojans. Credit unions should also consider changing every admin credential now and changing them every Friday. In addition, you should change your password habits immediately and refrain from using the same user name/password combination on multiple sites.
Source: Credit Union Times