Why is the news about 1.2 bil credentials stolen no news?

Posted By: Sorin Mustaca August 10, 2014

Source :

http://www.securityweek.com/feedback-friday-russian-hackers-obtain-12-billion-credentials-industry-reactions

Sorin Mustaca, IT security expert and author of the Mustaca on Security  blog:

Every time I read such PR, it makes me think: “what are the press guys thinking when accepting such information without any kind of proof?”

 

In my opinion, the most worrying part into this matter is the company that sells the service to consumers for checking and monitoring if their email address has been stolen and to companies to check if their websites are vulnerable to SQL Injection. Normally, there is absolutely nothing wrong with selling such services. And, don’t get me wrong, I am not saying that Hold Security is lying about knowing that some cyber gang got access to this amount of credentials. But from here to offering services for checking and monitoring if the client is a victim of exactly this breach, it is different. To do this, one assumes that the company is either in possession of the credentials or is just creating FUD to sell their services.

 

Taking a step back, if you read carefully the PR of this “unprecedented” hack you will see… mostly just some good PR talk and a very entrepreneurial spirit. There is no single piece of evidence of which websites were hacked, how exactly and what exactly was obtained. I am afraid that for security experts to say that “a botnet” checked websites for SQL Injections and stole credentials from the websites that were vulnerable is a bit too superficial.

 

“Internet credentials” can be something ranging from an email address to credit card information stored in plain text. But, don’t you think that if they would have had this information, especially about credit cards, they would have made a completely different PR gag? And they definitely would have asked for more money

 

[The phrase in Hold Security’s announcement], “Even if you are currently using another Identity Protection Service, your electronic identity may still be vulnerable,” shows that the company targets the billions market of Identity Protection and that it is slowly testing its competitors.


© Copyright Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity


Check www.endpoint-cybersecurity.com for seeing the consulting services we offer.

Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie de.itsecuritynews.info für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since over 20 years in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is CEO and owner of Endpoint Cybersecurity GmbH focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .
%d bloggers like this: