360 million stolen credentials up for sale in black market: Report
Around 360 million stolen credentials are reportedly available for sale in the black market, a security firm has revealed.
Washington: Around 360 million stolen credentials are reportedly available for sale in the black market, a security firm has revealed.
Security firm Hold Security revealed that the stolen account credentials could also be from several yet-to-be- reported security breaches.
Chief Information Security Officer at the firm, Alex Holden said that over a period of just three weeks his company was able to identify 360 million different account credentials that were available for sale on Web-based black market services, Cnet reports.
According to the report, the credentials include user names, which are often e-mail addresses, and passwords that in "most cases" are in unencrypted text.
Holden said that the e-mail addresses in the credentials are from all major services, including Gmail and Yahoo, and almost all Fortune 500 companies and nonprofit organizations.
Recently, US retailer Target Corp. experienced a mega security breach in which data of about 110 million customers was compromised.
Holden said that what is most concerning is that the 360 million credentials were predominantly new to the black market sites, and he believes that the breaches that delivered the credentials into hacker hands were yet to be reported.
He further said that his company was working to discover where the credentials came from and what they could access.
The firm added that more than 1 billion e-mail addresses were also up for sale on the sites, the report said.