Slashdot Mirror


Alleged Massive Account and Password Seizure By Russian Group

New submitter Rigodi (1000552) writes "The New York Times reported on August 5th that a massive collection of stolen email passwords and website accounts has been accumulated by an alleged Russian "crime ring". Over 1.2 billion accounts were compromised ... the attack scheme is essentially the old and well-known SQL injection tactic using a botnet. The information has been made public to coincide with the Black Hat conference to cause a debate about the classic security account and password system weaknesses, urging the industry to find new ways to perform authentication. What do Black Hat security conference participants have to say about that in Vegas?"

7 of 126 comments

  1. Re:because writing propet software by AaronLS · · Score: 4, Funny

    Apparently writing itself is hard, much less writing propet software.

  2. Re:big whoop by timrod · · Score: 4, Informative

    The use is that you now have a database of 1.2 billion passwords that can be fed into a brute force cracker and used to make "educated guesses" to crack passwords.

  3. Hold on a second.. by jbmartin6 · · Score: 5, Interesting

    Of course, the company which reveals this offers a $120/month breach notification service so they have a strong incentive to exaggerate. I'm not saying we should immediately discount these claims but let's make sure our grain of salt is in there.

    --
    This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.

  4. Re:because writing propet software by RabidReindeer · · Score: 5, Funny

    The wisdom of the propets is written on the subway walls.

    And tenement halls.

  5. Re:Are the /. accounts affected ? by Buchenskjoll · · Score: 5, Funny

    I think the Anonymous Coward account is compromised. Look over his posts, it's mostly complete crap.

    --
    -- Make America hate again!

  6. Re:big whoop by wonkey_monkey · · Score: 4, Interesting

    a) Because hacking isn't just a case of having access to everything or nothing. What if you can only hack the password database, but you can't hack the system that those logins are used for?

    b) Because, lazy as people are, you now have some very likely candidate email/password combinations to try on all the systems you can't hack into.

    --
    systemd is Roko's Basilisk.

  7. Stored in cleartext? by MoonlessNights · · Score: 5, Insightful

    How was this even possible? Passwords should NEVER be something you can steal since they shouldn't actually be stored as clear text (or even encrypted, for that matter).

    Hasn't it been common practice, for at least a decade, to store the passwords as a salted hash (using a unique salt for each user)?

    You shouldn't be able to steal a password since the site shouldn't have it.
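    The per-user salted-hash scheme this comment refers to, and the reason a stolen table of such records does not simply hand over passwords (the point raised in comment 2 about feeding a password database into a cracker), as an added example that is not part of the thread or any commenter's code. It uses Python's standard-library PBKDF2-HMAC-SHA256; the iteration count, salt length and record format are illustrative choices of this example, and the two-user table is constructed sample data.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Illustrative parameters for this example (an assumption, not a recommendation
# taken from the thread): PBKDF2-HMAC-SHA256, 16-byte random salt per user.
HASH_NAME = "sha256"
ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a storable record 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>'.

    A fresh random salt is generated for every call (i.e. for every user) unless
    one is supplied, so two users with the same password get different records
    and a precomputed table for one record is useless against another.
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_{HASH_NAME}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the salt stored in the record; constant-time compare."""
    try:
        scheme, iter_text, salt_hex, digest_hex = record.split("$")
        if scheme != f"pbkdf2_{HASH_NAME}":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        iterations = int(iter_text)
    except ValueError:
        # Malformed record: wrong field count, bad hex or non-numeric iterations.
        return False
    actual = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(actual, expected)


# Constructed sample user table: two users who happen to share a password.
SHARED_PASSWORD = "correct horse battery staple"
USER_DB = {
    "alice": hash_password(SHARED_PASSWORD),
    "bob": hash_password(SHARED_PASSWORD),
}


def records_differ_for_same_password(db=USER_DB) -> bool:
    """Per-user salts: identical passwords must not yield identical records."""
    return db["alice"] != db["bob"]


def cleartext_present(db=USER_DB, password: str = SHARED_PASSWORD) -> bool:
    """What an attacker who dumps the table sees: no password string anywhere."""
    return any(password in rec for rec in db.values())


def login(username: str, password: str, db=USER_DB) -> bool:
    """Authenticate against the stored record; the site never holds the password."""
    record = db.get(username)
    if record is None:
        # Do a hash anyway so response time does not reveal whether the user exists.
        hash_password(password)
        return False
    return verify_password(password, record)


if __name__ == "__main__":
    print("records differ for same password:", records_differ_for_same_password())
    print("cleartext present in table:", cleartext_present())
    print("alice correct password:", login("alice", SHARED_PASSWORD))
    print("alice wrong password:", login("alice", "hunter2"))
```

    The record carries its own salt and iteration count, so parameters can be raised later without a migration. Whoever takes the table still has to run the cost function once per guess per user, which is what the per-user salt buys over an unsalted hash or a stored cleartext value.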