A Small Russian Hacking Ring Has Stolen an Absurd 1.2 Billion Login Credentials

The Citizen's Guide to the Future
Aug. 5 2014 6:52 PM

A Small Russian Hacking Ring Has Stolen an Absurd 1.2 Billion Login Credentials

This is not good.

Image from Shutterstock/kpatyhka.

In February, the cybersecurity firm Hold Security LLC reported on an enormous stockpile of 360 million stolen account credentials. It was a staggering and unprecedented number. But now the company has released new research revealing a Russian hacking group that has stolen 1.2 billion sets of unique login credentials, and 4.5 billion records in all. It’s hard to even comprehend.

Hold Security told the New York Times that the data comes from more than 420,000 websites big and small, but the firm says it isn’t listing the sites right now because doing so could pose additional risks to users. (Plus in some cases it is bound by nondisclosure agreements.) The Times used a third-party security expert to assess Hold Security’s findings and found them to be accurate.


The Russian hacking group seems to be based with its servers in central Russia, and is composed of about 10 young men who work together on programming and data collection. The group seems to have started in 2011 but ramped up productivity in April using a vast network of botnets to infect users with malware and monitor their browsing. If they go to sites that the botnets know are vulnerable to attack the hackers can collect users' credentials. Alex Holden, Hold Security's founder and chief information security officer, told the Times, “There is a division of labor within the gang. ... It’s like you would imagine a small company; everyone is trying to make a living.”

The 1.2 billion unique credentials include 542 million email addresses, which is really a lot. But what is even a lot anymore? It seems like these numbers will just keep growing unless the mainstream approach to account security changes.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Lily Hay Newman is lead blogger for Future Tense.



Meet the New Bosses

How the Republicans would run the Senate.

The Government Is Giving Millions of Dollars in Electric-Car Subsidies to the Wrong Drivers

Scotland Is Just the Beginning. Expect More Political Earthquakes in Europe.

Cheez-Its. Ritz. Triscuits.

Why all cracker names sound alike.

Friends Was the Last Purely Pleasurable Sitcom

The Eye

This Whimsical Driverless Car Imagines Transportation in 2059

Medical Examiner

Did America Get Fat by Drinking Diet Soda?  

A high-profile study points the finger at artificial sweeteners.

The Afghan Town With a Legitimately Good Tourism Pitch

A Futurama Writer on How the Vietnam War Shaped the Series

  News & Politics
Sept. 21 2014 11:34 PM People’s Climate March in Photos Hundreds of thousands of marchers took to the streets of NYC in the largest climate rally in history.
Business Insider
Sept. 20 2014 6:30 AM The Man Making Bill Gates Richer
Sept. 20 2014 7:27 AM How Do Plants Grow Aboard the International Space Station?
  Double X
The XX Factor
Sept. 19 2014 4:58 PM Steubenville Gets the Lifetime Treatment (And a Cheerleader Erupts Into Flames)
  Slate Plus
Tv Club
Sept. 21 2014 1:15 PM The Slate Doctor Who Podcast: Episode 5  A spoiler-filled discussion of "Time Heist."
Sept. 21 2014 9:00 PM Attractive People Being Funny While Doing Amusing and Sometimes Romantic Things Don’t dismiss it. Friends was a truly great show.
Future Tense
Sept. 21 2014 11:38 PM “Welcome to the War of Tomorrow” How Futurama’s writers depicted asymmetrical warfare.
  Health & Science
The Good Word
Sept. 21 2014 11:44 PM Does This Name Make Me Sound High-Fat? Why it just seems so right to call a cracker “Cheez-It.”
Sports Nut
Sept. 18 2014 11:42 AM Grandmaster Clash One of the most amazing feats in chess history just happened, and no one noticed.