It's very unclear exactly what's been got.

http://www.staysmartonline.gov.au/alert_service/message?id=1124610&name=1+billion+credentials+stolen+by+hackers%3A+SSO+Alert+Priority+High+

> 1 billion credentials stolen by hackers: SSO Alert Priority High
>
> Reports are emerging about a vast series of data breaches, affecting
> approximately 420,000 websites across the world, ranging from well known
> ‘Fortune 500 companies’ and ‘household names’ through to ‘very small
> websites’.
>
> Approximately 4.5 billion records, comprising 1.2 billion unique
> ‘credentials’ (such as usernames and passwords) and an estimated 500 million
> unique email addresses have been stolen by hackers over a period of many
> months.
>
> A US-based security firm Hold Security identified the breaches and has been
> communicating with Russian hackers it says are in possession of the stolen
> data.
>
> It has not released the names of the hacked websites, making specific
> recommendations in response to these events difficult.
>
> Our best current advice is to assume your information may be affected and
> change your password for any sensitive sites which concern you. You should be
> changing your password regularly anyway as a matter of good practice. Read
> our other suggestions below.
>
> Hold Security says the gang initially acquired stolen credentials from fellow
> hackers on the black market which it used to attack email providers, social
> media and other websites to distribute spam and install malware. It was also
> able to gain access to data from a botnet (a ‘zombie’ network of infected
> computers that can be remotely controlled) which it used to ‘audit the
> internet’ identifying websites that were vulnerable to SQL injection (a
> common method used for hacking websites). It then used SQL injection to steal
> data from these sites.
>
> According to the New York Times, independent security experts have confirmed
> the authenticity of the stolen data.
>
> The New York Times reports that websites from outside the US have also been
> targeted, and that to date, the criminals have largely focused on obtaining
> identity credentials. They have, ‘not sold many of the records online.
> Instead, they appear to be using the stolen information to send spam on
> social networks like Twitter at the behest of other groups, collecting fees
> for their work’.
>
> With such a significant amount of data and number of websites affected, there
> is a likelihood your information could be involved.
>
> If you are concerned about your data you should evaluate the sites you use
> and consider taking action to change your passwords and improve your security.
>
> More information is likely to emerge in coming days.

-- 
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408 M: +61 404072753
mailto:[email protected] aim://kimholburn
skype://kholburn - PGP Public Key on request
