GO
Loading...

Big data breach: 360 million newly stolen credentials for sale

NBC News With Reuters
Wednesday, 26 Feb 2014 | 10:47 AM ET
Massive cyber threat uncovered
Wednesday, 26 Feb 2014 | 2:00 PM ET
A cybersecurity firm uncovers stolen credentials from some 360 million accounts that are available for sale on cyber black markets. CNBC's Eamon Javers reports.

A cybersecurity firm said on Tuesday that it uncovered stolen credentials from some 360 million accounts that are available for sale on cyber black markets, though it is unsure where they came from or what they can be used to access.

The discovery could represent more of a risk to consumers and companies than stolen credit card data because of the chance the sets of user names and passwords could open the door to online bank accounts, corporate networks, health records and virtually any other type of computer system.

Alex Holden, chief information security officer of Hold Security LLC, said in an interview that his firm obtained the data over the past three weeks, meaning an unprecedented amount of stolen credentials is available for sale underground.

More from NBC News:
House Passes Bill to Allow Cellphone 'Unlocking'
Apple Issues Fix for Major Security Flaw on Mac Computers
LinkedIn Looks to China for Growth, Launches Site in Chinese

"The sheer volume is overwhelming," said Holden, whose firm last year helped uncover a major data breach at Adobe Systems Inc. in which tens of millions of records were stolen.

Congress wants more from Target
CNBC's Courtney Reagan reports the House Oversight Committee has asked for more information from Target as to when the retailer first learned about the massive data breach.

Holden said he believes the 360 million records were obtained in separate attacks, including one that yielded some 105 million records, which would make it the largest single credential breaches known to date.

He said he believes the credentials were stolen in breaches that have yet to be publicly reported. The companies attacked may remain unaware until they are notified by third parties who find evidence of the hacking, he said.

New cyberattack could threaten U.S. markets
CNBC's Eamon Javers talks with House Intelligence Committee Chairman Mike Rogers about how hackers have tried to exploit any weakness in financial markets' computer networks.

(Read more: Target warns breach costs could hurt future profit)

He has not provided any information about the attacks to other cybersecurity firms or authorities but intends to alert the companies involved if his staff can identify them.

The massive trove of credentials includes user names, which are typically email addresses, and passwords that in most cases are in unencrypted text. Holden said that in contrast, the Adobe breach, which he uncovered in October 2013, yielded tens of millions of records that had encrypted passwords, which made it more difficult for hackers to use them.

(Read more: House panel demands documentation on Target breach)

The stolen data is not believed to be related to a major payment-card data breach late last year at U.S. retailer Target.

—By NBC News With Reuters

  Price   Change %Change
TGT
---
ADBE
---

Featured

Contact Technology

  • CNBC NEWSLETTERS

    Get the best of CNBC in your inbox

    › Learn More
  • Matt Hunter is the senior technology editor at CNBC.com.

  • Cadie Thompson is a tech reporter for the Enterprise Team for CNBC.com.

  • Working from Los Angeles, Boorstin is CNBC's media and entertainment reporter and editor of CNBC.com's Media Money section.

  • Jon Fortt is an on-air editor. He covers the companies, start-ups, and trends that are driving innovation in the industry.

  • Lipton is CNBC's technology correspondent, working from CNBC's Silicon Valley bureau.

  • Mark is CNBC's Silicon Valley/San Francisco Bureau Chief covering technology and digital media.