Sorin Mustaca, IT security expert and author of the Mustaca on Security blog:
Every time I read such PR, it makes me think: “what are the press guys thinking when accepting such information without any kind of proof?”
In my opinion, the most worrying part into this matter is the company that sells the service to consumers for checking and monitoring if their email address has been stolen and to companies to check if their websites are vulnerable to SQL Injection. Normally, there is absolutely nothing wrong with selling such services. And, don’t get me wrong, I am not saying that Hold Security is lying about knowing that some cyber gang got access to this amount of credentials. But from here to offering services for checking and monitoring if the client is a victim of exactly this breach, it is different. To do this, one assumes that the company is either in possession of the credentials or is just creating FUD to sell their services.
Taking a step back, if you read carefully the PR of this “unprecedented” hack you will see… mostly just some good PR talk and a very entrepreneurial spirit. There is no single piece of evidence of which websites were hacked, how exactly and what exactly was obtained. I am afraid that for security experts to say that “a botnet” checked websites for SQL Injections and stole credentials from the websites that were vulnerable is a bit too superficial.
“Internet credentials” can be something ranging from an email address to credit card information stored in plain text. But, don’t you think that if they would have had this information, especially about credit cards, they would have made a completely different PR gag? And they definitely would have asked for more money
[The phrase in Hold Security’s announcement], “Even if you are currently using another Identity Protection Service, your electronic identity may still be vulnerable,” shows that the company targets the billions market of Identity Protection and that it is slowly testing its competitors.
© Copyright Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity
Check www.endpoint-cybersecurity.com for seeing the consulting services we offer.
Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie de.itsecuritynews.info für IT Sicherheits News auf Deutsch