A report from this morning at CNN details another major cyberattack by criminals. This time, Russian criminals stole 1.2 billion passwords from over 420,000 different websites.
Alex Holden of Milwaukee-based Hold Security shared some of the details after his security company found the breach. Holden indicated that the sites range from smaller sites to "household names," although none of them were major email providers.
He isn't sharing any details on which sites were breached just yet. Part of this is because of existing nondisclosure agreements. The other is that his company is contacting some of these sites first to minimize any additional exploits of their existing vulnerabilities.
It looks like the average person on the web doesn't have too much to worry about with this new breach, although the volume of the theft is worrisome. Here's a quote with more of the details:
Holden said the gang makes its money by sending out spam for bogus products like weight-loss pills, and had apparently amassed its collection of digital credentials for that relatively innocuous purpose.
"It's really not that impactful to the individuals, and that's why they were under the radar for so long," Holden said. "They've ignored financial information almost completely."
But Holden said the gang's success at amassing passwords demonstrates that weak security procedures are common on websites of all sizes. ~ CNN
This is just one in a long string of high-profile data security breaches, with the most damaging one being the Target breach last year. It's easy to wonder what can be done about these criminal hackers. Luckily, our anemic global cyber-security law enforcement organizations are no longer the only ones trying to stem the tide of these mobsters.
On July 15th of this year, Google decided it would do something about the problem. They initiated a new program to put the smack-down on illegal hackers. It's called Project Zero, and it is basically an arm of Google with a team of elite programmers and cyber-security experts who are tasked with stopping "the black-hats" and putting an end to their ability to hack in the first place.
What's really amazing is that Google isn't just setting these "Cyber-Avengers" loose on the web to protect only Google's software and services. They will be working to close security holes in any software regardless of the company, including Microsoft, Apple, Adobe and others. They plan to alert each company when they find a vulnerability and will even step in and help develop a solution if it seems like the target is lagging in handling it themselves.
Project Zero is Google's response to the "Zero Day" vulnerability which affected millions of users worldwide recently. In an interesting coincidence, the Google security researcher whom they chose to share their project is named Chris Evans, which is the same name as the actor who plays Captain America in the Marvel movies.
Here's a link to their full announcement regarding Project Zero: Google Security Blog