Why is the news about 1.2 bil credentials stolen no news?

Source: http://www.securityweek.com/feedback-friday-russian-hackers-obtain-12-billion-credentials-industry-reactions

Sorin Mustaca, IT security expert and author of the Mustaca on Security blog:

Every time I read such PR, it makes me think: “what are the press guys thinking when accepting such information without any kind of proof?”

 

In my opinion, the most worrying part in this matter is the company that sells the service to consumers for checking and monitoring if their email address has been stolen and to companies to check if their websites are vulnerable to SQL Injection. Normally, there is absolutely nothing wrong with selling such services. And, don’t get me wrong, I am not saying that Hold Security is lying about knowing that some cyber gang got access to this amount of credentials. But from here to offering services for checking and monitoring if the client is a victim of exactly this breach, it is different. To do this, one assumes that the company is either in possession of the credentials or is just creating FUD to sell their services.

Taking a step back, if you carefully read the PR of this “unprecedented” hack you will see… mostly just some good PR talk and a very entrepreneurial spirit. There is not a single piece of evidence of which websites were hacked, how exactly and what exactly was obtained. I am afraid that for security experts to say that “a botnet” checked websites for SQL Injections and stole credentials from the websites that were vulnerable is a bit too superficial.

“Internet credentials” can be something ranging from an email address to credit card information stored in plain text. But, don’t you think that if they had had this information, especially about credit cards, they would have made a completely different PR gag? And they definitely would have asked for more money.

[The phrase in Hold Security’s announcement], “Even if you are currently using another Identity Protection Service, your electronic identity may still be vulnerable,” shows that the company targets the billions market of Identity Protection and that it is slowly testing its competitors.


© Copyright 2014 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity


About the Author

Sorin Mustaca

Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, has been working in the IT security industry since 2000 and worked for Avira between 2003 and 2014 as Product Manager for the known products used by over 100 million users worldwide. Today he is an independent IT Security Consultant focusing on Cybersecurity, secure software development and security for IoT and Automotive. He also runs his personal blog, Sorin Mustaca on Cybersecurity, and is the author of the free eBook Improve your security.
