Russian Hack Claims A Cash Grab Scam?
Hold Security has announced staggering claims that 1.2 billion usernames and passwords have been stolen by Russian hackers, but new doubts have emerged.
Openly admitting that it has used the term “you have been hacked” as a “conversation starter with many companies and individuals”, Hold Security has used the tactics of fear to get a foot in the door – and now global publicity for its findings.
The same term is the headline for its blog post on the breach it has dubbed “CyberVor”, with Vor being the Russian word for thief.
Hold Security says its past successes were identifying a data breach at Adobe Systems in October 2013, independently identifying and tracking the US Target store breach in December 2013 and identifying 360+ million stolen credentials trafficked on the black market.
Now the company says it has tracked a Russian cyber gang it has called CyberVor, which has supposedly amassed more than 4.5 billion records, of which 1.2 billion were unique and had over half a billion email addresses, stolen from more than 420,000 web and FTP sits.
Talking of botnets and SQL injections, social media scams and cryptography, Hold Security has painted a very disturbing picture of just how skilful today’s hackers are, but questions have emerged over Hold Security’s sincerity in making the claims.
This is because the company says it is “proud to announce that we will be providing full electronic identity monitoring service to all the individuals within the next 60 days”, while leaving the crucial information that this service will cost $120 per year on this page.
While major companies and some individuals will be happy to pay the money, $120 per year is too much for the everyday user who can simply check the free “Should I Change My Password” service instead, which has now been renamed to BreachAlarm.com.
This service claims to have detected over 200 million hacked accounts leading to 427,651 stolen passwords each day, with 5,202 password hacks found with 152,450,038 passwords breached in the largest hack.
Those numbers are far smaller than Hold Security’s, but BreachAlarm has a free plan, a $10 per year plan that lets get breach email alerts on up to 10 email addresses, and a $30 per year plan that lets you track breaches on up to 50 email addresses.
PC World also lists a series of unanswered questions over Hold Security’s claims, with many others wondering whether Hold Security’s announcement was a true warning or just a sales pitch.
You’ll have to make up your own mind, and there’s clearly no doubt that the treat from cyber criminals is absolutely real, but the verdict on Hold Security’s sincerity is still on hold.