The credentials range from corporate account information to online bank accounts, according to one security firm, and may be from several yet to be reported security breaches. February 26, 2014 7:59 AM PST The cyber black market is busting at the seams with stolen credentials, according to a new report. Speaking to Reuters in an interview on Wednesday, Alex Holden, chief information security officer at Hold Security, said that over a period of just three weeks his company was able to identify 360 million different account credentials that were available for sale on Web-based black market services. The credentials range from corporate account information to online bank accounts, according to Reuters. Related stories Data breach at University of Maryland exposes 300K records Hackers hit Tesco as over 2,200 accounts compromised British spy unit reportedly hit Anonymous with DDoS attacks Adobe issues emergency Flash update for Windows and Mac No sixth sense: '123456' is worst password of 2013 That so many credentials are floating around the black market is perhaps no surprise to those who have been keeping an eye on the security space. Late last year, Target was hit with a massive data breach that saw the theft of 110 million people's personal information. It was just one in a long line of breaches that have occurred over the last several years, and only proved to put the issue back on the average person's map. Perhaps most concerning, however, is that Holden believes that the 360 million credentials are predominantly new to the black market sites, and he believes that the breaches that delivered the credentials into hacker hands have yet to be reported. Holden also believes multiple breaches have combined to hit the 360-million mark. That's in addition to the more than 1 billion e-mail addresses up for sale on the sites. As of this writing, Holden, who says that the e-mail addresses on the sites come from all major services, including Gmail and Yahoo, as well as most Fortune 500 companies, has yet to inform affected companies or authorities. He claims that his team is working to identify all the affected companies and will inform them of the breach when the data is collected.
The credentials range from corporate account information to online bank accounts, according to one security firm, and may be from several yet to be reported security breaches.
The cyber black market is busting at the seams with stolen credentials, according to a new report.
Speaking to Reuters in an interview on Wednesday, Alex Holden, chief information security officer at Hold Security, said that over a period of just three weeks his company was able to identify 360 million different account credentials that were available for sale on Web-based black market services. The credentials range from corporate account information to online bank accounts, according to Reuters.
Related stories
- Data breach at University of Maryland exposes 300K records
- Hackers hit Tesco as over 2,200 accounts compromised
- British spy unit reportedly hit Anonymous with DDoS attacks
- Adobe issues emergency Flash update for Windows and Mac
- No sixth sense: '123456' is worst password of 2013
That so many credentials are floating around the black market is perhaps no surprise to those who have been keeping an eye on the security space. Late last year, Target was hit with a massive data breach that saw the theft of 110 million people's personal information. It was just one in a long line of breaches that have occurred over the last several years, and only proved to put the issue back on the average person's map.
Perhaps most concerning, however, is that Holden believes that the 360 million credentials are predominantly new to the black market sites, and he believes that the breaches that delivered the credentials into hacker hands have yet to be reported. Holden also believes multiple breaches have combined to hit the 360-million mark. That's in addition to the more than 1 billion e-mail addresses up for sale on the sites.
As of this writing, Holden, who says that the e-mail addresses on the sites come from all major services, including Gmail and Yahoo, as well as most Fortune 500 companies, has yet to inform affected companies or authorities. He claims that his team is working to identify all the affected companies and will inform them of the breach when the data is collected.
