Drop Down MenusCSS Drop Down MenuPure CSS Dropdown Menu
Alternative Text Alternative Text Alternative Text Alternative Text
Survivor of US Drone Attack:
Obama Belongs on List of World's Tyrants

Poisoning Black Cities: Corporate Campaign to Ethnically Cleanse US Cities Massive Marches in Poland
Against Authoritarian Threat of Far-Right
Ethiopia’s Invisible Crisis: Land Rights Activists Kidnapped and Tortured

Global Perspectives Now Global Perspectives Now

Story About Russian Hackers Obtaining A Billion-Plus Passwords Doesn't Add Up — Firm That Found Hack 'Cleans Up' On Resulting Panic





By Russell Brandom
Yesterday, The New York Times dropped an exclusive account of what reporter Nicole Perlroth called "the biggest hack ever." By the numbers it certainly held up: 1.2 billion accounts, covering 500 million unique email addresses over 420,000 websites. The data had been captured by a Russian hacker group called CyberVor, and revealed by Hold Security. But as the smoke clears, the hack seems to be less of a criminal masterwork than the article might have you believe.


The biggest problem, as Forbes's Kashmir Hill and The Wall Street Journal's Danny Yadron have noted, is that Hold Security is already capitalizing on the panic, charging a $120-per-year subscription to anyone who wants to check if their name and password are on the list. Hold says it's just trying to recoup expenses, but there's something unseemly about stoking fears of cybercrime and then asking concerned citizens to pay up. It also gives Hold a clear incentive to lie to reporters about how large and significant the finding is.

Of course, facts are still facts, but even the hard data here is a little strange. If the idea of hacking 1.2 billion usernames sounds incredible, it should. There are just a handful of services with over a billion users — Facebook, Google Search, and Microsoft Office lead the pack — and if any of those were involved, Hold wouldn't be shy about saying so. Instead, this data comes from hundreds of thousands of compromises over the course of months. Comparing it to breaches like Adobe or Target, as Perlroth does repeatedly, simply doesn't make sense.

Read More

No comments:

Related Posts Plugin for WordPress, Blogger...