Passwords

Russian Hackers Compromise 4.5 Billion Records

Hold Security has warned media outlets that a gang of Russian hackers has gained access to 4.5 billion email addresses and passwords.

The Milwaukee-based security firm estimates that 420,000 web and FTP sites, including some Fortune 500 company sites, have been compromised. Details on which specific websites were compromised were not released.

The New York Times claims to have had the information analyzed by a security expert not affiliated with the security firm, who confirmed the authenticity of the database of stolen information. The New York Times has also reported that some of the companies involved are aware of the situation.

Most of this information was gathered via a botnet, a collection of interconnected computers that have been infected with a virus. The virus collects and forwards information to individuals who either sell it or use it to send unsolicited commercial email or to gain access to web sites and credit card information.

According to Hold Security, the most vulnerable users are those who use a generic password on multiple sites, because that password can be used to gain access to sites that are not in the records.

The firm found that, out of the 4.5 billion records, only 1.2 billion had unique passwords, so it suggests the use of more secure, unique passwords.

An individual password should not be used on multiple sites, and a combination of letters (in upper and lower case), numbers and special characters (punctuation, symbols, etc.) should be used to make passwords less predictable.
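As an added illustration of the advice above (not code from the original post or from Hold Security), this Python sketch audits a set of site/password pairs for reuse across sites and for missing character classes. The function names and the sample entries are constructed for the example.

```python
import hashlib
import string
from collections import defaultdict

# Character classes named in the advice: upper case, lower case, digits, specials.
CLASSES = {
    "upper": set(string.ascii_uppercase),
    "lower": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "special": set(string.punctuation),
}

def missing_classes(password):
    """Return the character classes the password does not use, sorted by name."""
    chars = set(password)
    return sorted(name for name, members in CLASSES.items() if not chars & members)

def audit(entries):
    """entries: iterable of (site, password) pairs. Returns (reused, weak).

    reused: list of sorted site lists that share one password.
    weak:   dict mapping site -> list of missing character classes.
    """
    by_digest = defaultdict(list)
    weak = {}
    for site, password in entries:
        # Group by digest so plaintext passwords are not used as dict keys
        # and never appear in the report.
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        by_digest[digest].append(site)
        gaps = missing_classes(password)
        if gaps:
            weak[site] = gaps
    reused = sorted(sorted(sites) for sites in by_digest.values() if len(sites) > 1)
    return reused, weak

# Constructed sample data, not real credentials.
SAMPLE = [
    ("mail.example", "sunshine1"),
    ("shop.example", "sunshine1"),
    ("bank.example", "T7#kq!Zp2vLm"),
    ("forum.example", "sunshine1"),
]

if __name__ == "__main__":
    reused, weak = audit(SAMPLE)
    for sites in reused:
        print("same password on:", ", ".join(sites))
    for site, gaps in sorted(weak.items()):
        print(f"{site}: missing {', '.join(gaps)}")
```

A reused password is the more serious finding of the two: one compromised site exposes every other site in the same group.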

The use of a frequently updated anti-virus program also helps keep individual computers from being infected with viruses that keep track of the passwords used.

Sega Pass Hacked

An undisclosed number of Sega Pass users have had their personal information stolen, along with encrypted password information.

Email addresses and birthdates were compromised and Sega Pass appears to be offline. The incident happened last Thursday, but no details regarding the network’s Canadian users have been published.

Update On PlayStation Network Breach

It appears that PlayStation Network and Qriocity users can breathe more easily when it comes to their credit card information.

Sony has stated that a vital piece of information related to purchases, the card security code, was NOT stored or archived by their system.

This code, which is usually three or four digits long, is used to confirm purchases online and by phone. It is printed on the back of Visa and Mastercard credit cards, next to the signature strip, and on the front of many American Express cards, just above the credit card number.

This card verification code expires with the credit card and another code is issued whenever new cards are sent out. So if the credit card you used on the above-mentioned networks was about to expire, you should have no problem.

Furthermore, with the introduction of chip cards and services like Visa's Verified by Visa and Mastercard's SecureCode, information gathered from the security breach would not likely be usable. But I would definitely advise vigilance with regard to purchases, just in case.

Canada’s major credit card companies adopted Zero Liability programs years back for unauthorized purchases, so I’m guessing the issue won’t cause many problems, though it should be noted that Sony will NOT be asking people to provide personal or credit card information via email or by phone.

BTW, Sony has stated that some of the services will be reactivated this week and some of their users will be eligible for a free month of PlayStation Plus. Details can be found on their official blog.