Think about how many log-in credentials you have. What would you do if just one of them fell into the wrong hands? Well, a billion of the world's usernames and passwords have been hijacked, so it's time to start changing them.
Milwaukee-based Hold Security discovered that a Russian gang stole 1.2 billion usernames and passwords and 500 million email addresses. In all, the username and password combinations can log into 400,000 websites, which include both big name companies and smaller ones. “Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” Alex Holden, the founder of Hold Security, told the New York Times. “And most of these sites are still vulnerable.”
The Russians haven't sold the information for money, though, which they'd be able to do for a high price. Instead, they're using the data to send spam on social networks, and are collecting money that way.
“There is a division of labor within the gang,” Holden said. “Some are writing the programming, some are stealing the data. It’s like you would imagine a small company; everyone is trying to make a living.”
