Why is the news about 1.2 bil credentials stolen no news?

Source: http://www.securityweek.com/feedback-friday-russian-hackers-obtain-12-billion-credentials-industry-reactions

Sorin Mustaca, IT security expert and author of the Mustaca on Security blog:

Every time I read such PR, it makes me think: “what are the press guys thinking when accepting such information without any kind of proof?”

In my opinion, the most worrying part of this matter is the company that sells the service to consumers for checking and monitoring if their email address has been stolen and to companies to check if their websites are vulnerable to SQL Injection. Normally, there is absolutely nothing wrong with selling such services. And, don’t get me wrong, I am not saying that Hold Security is lying about knowing that some cyber gang got access to this amount of credentials. But going from here to offering services for checking and monitoring if the client is a victim of exactly this breach is different. To do this, one assumes that the company is either in possession of the credentials or is just creating FUD to sell their services.

Taking a step back, if you carefully read the PR of this “unprecedented” hack you will see… mostly just some good PR talk and a very entrepreneurial spirit. There is not a single piece of evidence of which websites were hacked, how exactly and what exactly was obtained. I am afraid that for security experts to say that “a botnet” checked websites for SQL Injections and stole credentials from the websites that were vulnerable is a bit too superficial.

“Internet credentials” can be something ranging from an email address to credit card information stored in plain text. But, don’t you think that if they had had this information, especially about credit cards, they would have made a completely different PR gag? And they definitely would have asked for more money.

[The phrase in Hold Security’s announcement], “Even if you are currently using another Identity Protection Service, your electronic identity may still be vulnerable,” shows that the company targets the billions market of Identity Protection and that it is slowly testing its competitors.


© Copyright 2014 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

