Russian crime ring reportedly nabbed 1.2 billion online credentials

Summary:Target's security breach almost pales in comparison to what might be the largest swath of stolen Internet credentials ever.

On the heels of the admittance of just how much the severe cyber attack on Target cost the retailer comes the revelation of what might be the largest swath of stolen Internet credentials ever.

A crime ring based in Russia is said to have stolen more than 1.2 billion Internet credentials (usernames and passwords) with more than 500 million email addresses, according to the New York Times on Tuesday.

The news organization accredited the find to Milwaukee-based Hold Security, a technology and business intelligence firm that both provides enterprise security infrastructure and conducts incident investigations for clients worldwide.

Names of targeted websites and victims has not been published, but it was noted that the culprits have hacked into websites great and small.

Even more curious is that most of the IDs that have been exploited thus far have been used for indirect financial returns, namely for sending spam on social networks rather than vast illegal spending and selling the credentials on the black market.

Earlier on Tuesday , Target -- which arguably became the poster child for extraordinary data breaches -- admitted that it saw net expenses of $110 million from the attack on its payments infrastructure last winter.

Costs from the breach consist of losses for the majority of actual and potential breach-related claims, including those from payment card networks.

In Target's case , hackers thought to have been based in Eastern Europe got their hands on the names, mailing addresses, phone numbers and email addresses for up to 70 million people.

In response to Target's estimation of the financial costs of the incident (although customer trust might be priceless), analysts surmised it could have been much worse.

In reflection of how many more people have been revealed to be vulnerable thanks to this latest sting, that sentiment rings even more true.

Topics: Security, Legal, Tech Industry


Rachel King is a staff writer for CBS Interactive based in San Francisco, covering business and enterprise technology for ZDNet, CNET and SmartPlanet. She has previously worked for The Business Insider,, CNN's San Francisco bureau and the U.S. Department of State. Rachel has also written for, Irish Americ... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.