NEW YORK (8/7/14)--Consumers across the globe are being encouraged to change passwords and take extra precaution with sensitive online information this week, as more than 1.2 billion username and password combinations and more than 500 million email addresses have been hijacked by a Russian crime syndicate, the largest data security breach to date (The New York Times Aug. 5).
Confidential information was stolen from some 420,000 websites including some big-name sites and many small websites, according to Milwaukee, Wis.-based Hold Security, which has uncovered several significant attacks in recent months.
"Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites," Alex Holden, Hold Security's founder and chief information security officer, told The New York Times. "And most of these sites are still vulnerable."
Hold would not disclose the websites that had been attacked, claiming to be beholden to nondisclosure agreements, in addition to a desire to keep those companies that are still vulnerable private.
Security experts have told The Wall Street Journal, meanwhile, that breaches involving usernames and passwords are dangerous for consumers, as they often use both for multiple websites. Experts also have said the number of usernames and passwords amassed by the Russian criminals is impressive in size (The Wall Street Journal Aug. 5).
Criminals have so far used the data to send spam on social-media accounts, according to The New York Times.