A Small Russian Hacking Ring Has Stolen an Absurd 1.2 Billion Login Credentials

The Citizen's Guide to the Future
Aug. 5 2014 6:52 PM

A Small Russian Hacking Ring Has Stolen an Absurd 1.2 Billion Login Credentials

This is not good.

Image from Shutterstock/kpatyhka.

In February, the cybersecurity firm Hold Security LLC reported on an enormous stockpile of 360 million stolen account credentials. It was a staggering and unprecedented number. But now the company has released new research revealing a Russian hacking group that has stolen 1.2 billion sets of unique login credentials, and 4.5 billion records in all. It’s hard to even comprehend.

Hold Security told the New York Times that the data comes from more than 420,000 websites big and small, but the firm says it isn’t listing the sites right now because doing so could pose additional risks to users. (Plus in some cases it is bound by nondisclosure agreements.) The Times used a third-party security expert to assess Hold Security’s findings and found them to be accurate.


The Russian hacking group seems to be based with its servers in central Russia, and is composed of about 10 young men who work together on programming and data collection. The group seems to have started in 2011 but ramped up productivity in April using a vast network of botnets to infect users with malware and monitor their browsing. If they go to sites that the botnets know are vulnerable to attack the hackers can collect users' credentials. Alex Holden, Hold Security's founder and chief information security officer, told the Times, “There is a division of labor within the gang. ... It’s like you would imagine a small company; everyone is trying to make a living.”

The 1.2 billion unique credentials include 542 million email addresses, which is really a lot. But what is even a lot anymore? It seems like these numbers will just keep growing unless the mainstream approach to account security changes.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Lily Hay Newman is lead blogger for Future Tense.



More Than Scottish Pride

Scotland’s referendum isn’t about nationalism. It’s about a system that failed, and a new generation looking to take a chance on itself. 

What Charles Barkley Gets Wrong About Corporal Punishment and Black Culture

Why Greenland’s “Dark Snow” Should Worry You

Three Talented Actresses in Three Terrible New Shows

Why Do Some People See the Virgin Mary in Grilled Cheese?

The science that explains the human need to find meaning in coincidences.


Happy Constitution Day!

Too bad it’s almost certainly unconstitutional.

Is It Worth Paying Full Price for the iPhone 6 to Keep Your Unlimited Data Plan? We Crunch the Numbers.

What to Do if You Literally Get a Bug in Your Ear

  News & Politics
Sept. 17 2014 8:15 AM Ted Cruz Will Not Join a Protest of "The Death of Klinghoffer" After All
Sept. 16 2014 2:35 PM Germany’s Nationwide Ban on Uber Lasted All of Two Weeks
The Vault
Sept. 16 2014 12:15 PM “Human Life Is Frightfully Cheap”: A 1900 Petition to Make Lynching a Federal Offense
  Double X
The XX Factor
Sept. 15 2014 3:31 PM My Year As an Abortion Doula
  Slate Plus
Slate Plus Video
Sept. 16 2014 2:06 PM A Farewell From Emily Bazelon The former senior editor talks about her very first Slate pitch and says goodbye to the magazine.
Brow Beat
Sept. 17 2014 9:03 AM My Father Was James Brown. I Watched Him Beat My Mother. And Then I Found Myself With Someone Like Dad.
Future Tense
Sept. 17 2014 8:27 AM Only Science Fiction Can Save Us! What sci-fi gets wrong about income inequality.
  Health & Science
Bad Astronomy
Sept. 17 2014 7:30 AM Ring Around the Rainbow
Sports Nut
Sept. 15 2014 8:41 PM You’re Cut, Adrian Peterson Why fantasy football owners should release the Minnesota Vikings star.