Change Your Email Password Now!
According to Hold Security, the negotiation began in the usual way: bartering, talking, ‘finagling,’ etc. The provider of the leaked data asked for money, which is not uncommon in the cyber theft and password leaking field. In keeping with their requirements and standards, the Hold Security analyst would not pay the amount requested, 50 rubles (less than $1 at the May 4, 2016 exchange rate).
An arrangement was made to trade likes on the perpetrator’s social media page for the database. The database was 10 GB in size, which is ¼ the size of the main database released in the Ashley Madison data breach. This is really not uncommon in the cybersecurity space. There must be some incentive to disclose, and notoriety and responsible disclosure are not always the motives.
After receiving the database and conducting analysis, Hold Security responsibly reported this to the applicable organizations. This was done some 10 days ago. Per BGR, the breakdown of compromised accounts after removal of duplicates is as follows:
- 57 million mail.ru accounts
- 24 Gmail accounts
- 33 Microsoft (Hotmail, Outlook, etc.)
- 40 Yahoo accounts
- Unknown amount of private/business email credentials
The database started out with 1.17 billion records; after the duplicates were removed, only 272 million remained.
This is not the first time that Alex Holden or Hold Security has been involved with a major credential spill. Per Reuters (2016), “Holden, a Ukrainian-American who specialises in Eastern European cyber crime threats, uncovered a cache of 1.2 billion unique credentials that marked the world’s biggest-ever recovery of stolen accounts.” What a way to have ‘just another day in the
It is unclear how this was attained, which is why we are saying to change your email password now. This may have been the result of an insider job, to be able to attain 57 of the 64 million mail.ru records, if not a very clever social engineering attack. I think that it is a safe assumption that there is some overlap in the user base, but I am not sure it is up to 50% of mail.ru’s clientele. We will continue to monitor this for added information and possibly dissect the attack when we know more.
The User Side
We know you’re wondering how this affects you and why you should care. Simply put, you should change your email password now! This further reinforces our stance on NOT REUSING PASSWORDS. You should be using a unique password on each site/platform that requires one. The less human-readable and the less like a dictionary word, the better. This is another reason to use password management software, so that you can use those difficult passwords without locking yourself out.
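To act on the no-reuse advice above, the following added example (not part of the original post) audits a password-manager CSV export and reports which sites share a password, so you know what else to change if one of them leaks. The column names `site`, `username`, `password` and the sample rows are assumptions constructed for illustration; real exports use their own layouts.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export (column names are an assumption; no real
# credentials appear here).
SAMPLE_EXPORT = """site,username,password
mail.example,alice@mail.example,correct-horse-1
shop.example,alice@mail.example,correct-horse-1
forum.example,alice_a,Tr0ub4dor&3
bank.example,alice@mail.example,x9$Lq!v2Zr#8
news.example,alice,Tr0ub4dor&3
"""


def _fingerprint(password):
    # Group by digest so plaintext passwords never reach the report.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def find_reuse(export_csv):
    """Return groups of sites that share one password, largest group first."""
    groups = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_csv)):
        password = row.get("password") or ""
        if not password:
            continue  # skip entries with no stored password
        groups[_fingerprint(password)].add(row["site"].strip().lower())
    reused = [sorted(sites) for sites in groups.values() if len(sites) > 1]
    return sorted(reused, key=lambda g: (-len(g), g))


def exposed_by(site, export_csv):
    """Other sites whose password must change if `site`'s password leaks."""
    site = site.strip().lower()
    for group in find_reuse(export_csv):
        if site in group:
            return [s for s in group if s != site]
    return []


if __name__ == "__main__":
    for group in find_reuse(SAMPLE_EXPORT):
        print("shared password:", ", ".join(group))
    print("also change after a mail.example leak:",
          exposed_by("mail.example", SAMPLE_EXPORT))
```

Run it against a local export only, and delete the export file afterwards, since it holds every password in plaintext.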
This also helps to continue to make the case against social engineering. With this volume of credentials, I would expect people that have seen the database to begin to target people. They will attempt to collect more information to spread the damage. They will start to try to find other aliases and other accounts and target and enumerate those contacts, then spread like “Patient Zero” in an outbreak. Take this time to audit your social media and presence to ensure that you’re not giving up any information that could be used against you in that sense.
Announcements and Resources
If you believe you may have had your credentials stolen, please check out haveibeenpwned.com and enter your email address.
Advanced Persistent Security has partnered with the EC-Council to provide a discounted EC-Council Training Event to our readers and listeners. The codes are only good for the Hacker Halted event in Atlanta, GA September 11-14 and 15-16, 2016. Below are the codes. If you have any questions, Contact Us:
SEPTEMBER 11TH-14TH, 2016
$1,999 Courses if you register using discount code: HHAPSTRN
Choose one of the following courses and exams:
- Certified Ethical Hacker (C|EH)*
- Computer Hacking Forensic Investigator (C|HFI)*
- Certified Security Analyst (E|CSA/L|PT)*
- Certified Chief Information Security Officer (C|CISO)*
All courses include:
- Official Courseware
- 1 Complimentary Exam Voucher
- Certificate of attendance
- Lunch and coffee breaks throughout the duration of the training
- Complimentary Pass to Hacker Halted – Atlanta conference (September 15 & 16)
*Individual conference passes can be purchased for $35 (down from $199). Use code: HHAPSCON
Instructions for registration:
1) Click here
2) Fill in all the necessary info
3) Enter Qty (1) for conference pass – public
4) Enter promotional code HHAPSCON (for $35 Conference Passes) or HHAPSTRN (for $1,999 Courses)