Hold on to your butts, folks, here we go again.
Hold Security (the company that identified the Adobe and Target security breaches last year) has just revealed that they’re tracking down what may well be the largest theft of personal data from the internet in history.
Dubbed the CyberVor breach (Vor meaning “thief” in Russian), it has been identified as the work of a nameless Russian cyber gang. They have gathered a collection of more than 4.5 billion records, mostly consisting of stolen credentials, of which roughly 1.2 billion are unique. Over 420,000 web and FTP sites were robbed in the collection of this data. CyberVor is not believed to be operated by the Russian government.
Hold Security has not released the identities of the companies and individuals affected by this, at least not yet. They have described the sites targeted as non-discriminatory, meaning they didn’t just limit their efforts to big companies. It was a blanket attack that affected the biggest of the big companies and everything down the line all the way to some people’s personal web sites.
Yes, this is huge and scary. Panic isn’t going to help anything.
Obviously, changing your passwords periodically is always a good idea, so if you haven’t done so lately, now might not be the worst time ever to consider it.
I highly recommend reading over Hold Security’s announcement, as it goes into a lot more detail about the numbers and paints a more realistic picture of this disaster. For instance, 4.5 billion records sounds like a lot, but there’s a LOT of duplication in it. They’re saying it looks like it’s closer to half a billion individuals affected, and even then, many of those records may be hopelessly out of date – stolen passwords that are years or decades old, or temporary, or defunct.
So yes. Do not panic. Be sensible, be informed, be prepared.
Hold Security is going to be rolling out a “Hold Security Electronic Identity Monitoring and Protection” service within the next 60 days, and pre-registration for it is available now.
Of course we at Geek Beat encourage you to do your due diligence; most of our readers are probably familiar with Hold Security, but if you’re not, you’ll want to check them out before signing up for this. That’s just common sense.