360 Million People Hacked in ‘Biggest Breach’ Ever: 5 Fast Facts You Need to Know

Published:11:14 am EDT, February 26, 2014| Updated:5:34 pm EDT, February 26, 2014|
By
360 million emails hacked, 360 million people hacked, Hold Security LLC, february 2014 hacking, black market credentials, black market identity theft, 2014 cyberattacks, how do I know if my account was hacked

(Getty)

Reuters is reporting that, according to Hold Security LLC, over 360 million new accounts have been hacked and their data is now available on the black market. How did this happen, and was your personal data stolen? Here is what we know so far about this developing story...


1. 360 Million Credentials Reported Stolen by Hold Security LLC

Reuters quotes Alex Holden, chief information security officer of Hold Security LLC. According to Holden, this data breach is "unprecedented."

The article goes on to say:

"'The sheer volume is overwhelming,' said Holden, whose firm last year helped uncover a major data breach at Adobe Systems Inc in which tens of millions of records were stolen.

Holden said he believes the 360 million records were obtained in separate attacks, including one that yielded some 105 million records, which would make it the largest single credential breaches known to date.

He said he believes the credentials were stolen in breaches that have yet to be publicly reported. The companies attacked may remain unaware until they are notified by third parties who find evidence of the hacking, he said.

'We have staff working around the clock to identify the victims,' he said."

According to CNET, Holden's team is still collecting data about the breach. CNET says "Holden has yet to inform affected companies or authorities. He claims that his team is working to identify all the affected companies and will inform them of the breach when the data is collected."

As of this writing, there is no timeframe for when Holden will release this details to the affected companies, nor a timeframe for when those companies will inform any affected users.


2. Many Kinds of Data Were Stolen in the Cyberattack

According to Reuters, many different types of information were stolen by the hackers, and the data came from some major providers in the tech industry.

Reuters writes:

"The massive trove of credentials includes user names, which are typically email addresses, and passwords that in most cases are in unencrypted text...

The email addresses are from major providers such as AOL Inc, Google Inc, Microsoft Corp and Yahoo Inc and almost all Fortune 500 companies and nonprofit organizations."


3. It Is Not Easy to Find Out Whether Your Data Was Stolen

Unfortunately, at this time, it is rather difficult to tell if your data was part of the 360 million stolen credentials. PC World writes that while it is known that email addresses and corresponding passwords can be purchased on shady, underground forums, there isn't a lot more information to go on right now.

Your best bet to protect yourself at this juncture would be to change all of your email account passwords, as well as all passwords for other online services.


4. It Is Also Unclear How Hackers Stole the Credentials

PC World writes, "It is possible the data came in part from data breaches at dating or job-related sites, which would have large numbers of users, although it has not been confirmed."

When more information is available, we will update this page with any known sites involved in this massive data breach.


5. 1.25 Billion Email Addresses Also Stolen

Hold Security posted a message on their website that outlines this February 2014 data breach. They write:

"In the first three weeks of February, we identified nearly 360 million stolen and abused credentials and 1.25 billion records containing only email addresses. These mind boggling numbers are not meant to scare you and they are a product of multiple breaches which we are independently investigating. This is a call to action, and if you are concerned about integrity of your company's user credentials we encourage you to use our Credentials Integrity Services."


Respond to this

More Tech you need to know