360 Million Account Credentials for Sale on Black Market


Passwords and data breachesThe security firm Hold Security LLC released an explosive report which states that login credentials for some 360 million accounts are currently being offered for sale on cyber black markets.

The sheer number of stolen account has security experts shocked. If true, it would be the biggest single data breach in history.

The Good, the Bad, and the Ugly

Alex Holden, the chief information security officer at Hold Security, believes that the 360 million records were stolen in a number of attacks. These credentials include usernames (usually email addresses) and passwords that are not encrypted. Last year, Adobe suffered a similar breach which led to the unauthorized access of tens of millions of email addresses, but the passwords were encrypted, making it harder for the hackers to access accounts.

The problem is compounded by the fact that users normally use the same login credentials across multiple accounts, including bank accounts, corporate networks, and social media websites. That means if a cyber thief has access to one of your accounts, he may have access to all of them.

The same criminals were also selling 1.25 billion email addresses without any login credentials. These would mainly be of interest to Internet spammers. If there is any silver lining to this report, it’s that at this point, no one has been able to identify where these login credentials came from and what they can be used to access. So the affected individuals may still have time to go in to their online accounts and change their passwords.

Change Your Passwords, and Change Them Often

In light of this report, this would be a good time to revisit password security. You probably use a stronger password on your online bank account than you do for your email account. After all, if someone hacks your email account, what’s the worst they could do? Send a spam message to all your friends or read all your private emails?

Wrong. It’s much worse than that. If a hacker gains access to your email account, he or she could get access to your online bank account by simply clicking Forget password on your banking website.

So make sure that every password you use is a strong one, and do not use the same password across multiple sites.

Below are some good safety tips when choosing passwords:

  • Change your password often. A good rule of thumb is once every six months.
  • Randomly substitute numbers for letters that look similar. For example, use ‘@” for the letter “a.”
  • Randomly use capital letters (e.g., Mod3l@F0rd).
  • Use a place you love, a specific car, or a favorite restaurant.
  • Use a random password generator and organizer like LastPass (https://lastpass.com/) to create, organize, and store all of your online passwords. It’s a free service and allows us to not have to remember all of our different passwords.

Remember, once our online accounts are compromised, we can’t put the genie back into the bottle. It’s better to be safe than sorry, and make sure that none of our passwords are compromising our security.

Get Private Wifi   Protect your personal information.
Get DataCompress   Cut your mobile data usage.

Jared Howe

Jared Howe is PRIVATE WiFi’s Senior Manager, Product Marketing Communications. Working in high tech for over 15 years, Jared currently lives in Seattle with his wife, daughter, and their two cats.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.