Here’s What Happens When Your Data Is in the Hands of a Russian Hacking Collective

The Citizen's Guide to the Future
Aug. 6 2014 5:33 PM

Here’s What Happens When Your Data Is in the Hands of a Russian Hacking Collective

A data fog.

Photo from Shutterstock/Maksim Kabako.

Revelations on Tuesday about an enormous trove of stolen personal data collected by a hacking group in Russia has been making news for its sheer enormity. The New York Times and security firm Hold Security LLC report that the group has 4.5 billion sets of usernames and passwords.

Lily Hay Newman Lily Hay Newman

Lily Hay Newman is lead blogger for Future Tense.

There are questions about the report, though. First of all, Hold Security isn’t disclosing any of the 420,000 websites that the Russian hackers got data from. Instead, the company is offering a service for $120 that allows people to check whether any of their data has been compromised—which seems unattractively mercenary, given the magnitude of the situation. Additionally, Hold Security doesn’t really make it clear how much of the data was originally stolen by the Russian hackers as opposed to being purchased on the black market. This distinction is important, because if the hackers have just been buying up old login credentials, there’s less of a danger that the credentials will work.


Strangest of all, the Times reports that the hackers are mainly just using the credentials to hack social media accounts and spam them. Which is weird, because when criminals steal valuable things, they usually try to sell them. Or if they steal things that give them access to money they take the money. So maybe the credentials aren’t that valuable on their own.

Whatever is going on, though, the sheer enormity of the dataset makes it possible that the hackers could apply analysis to extract unusual information. For example, the credentials include 542 million email addresses, which might mean that the hackers can find multiple passwords associated with a single email address within their data, and start making more educated guesses about the types of passwords a given user tends to use.

Think about it. In the wake of information about the Heartbleed vulnerability you probably changed passwords on affected sites (you did, right?), but maybe you also still use some of those old passwords on other accounts that weren’t affected and therefore didn't get changed. The fact that the Russian hackers have old data doesn't necessarily mean it’s not useful since they have so freakin’ much of it.

So we’re all definitely screwed, right? Not totally! The issue here is that the traditional cybersecurity system relying on just usernames and passwords isn’t enough anymore. The key is adding extra layers of protection. Using a password manager, or at least randomly generating strong passwords, eliminating duplicate passwords used on multiple accounts, and adding two-factor (or multi-factor) authentication everywhere it’s offered are all readily available steps that can help you protect yourself.

Whether or not this turns out to be a historic hack, it’s certainly raising awareness about how important personal cybersecurity is. And it’s giving us a sense of scale of just how much data hackers can collect. As it turns out, quite a bit! But what exactly they’ll do with it remains to be seen.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Lily Hay Newman is lead blogger for Future Tense.



More Than Scottish Pride

Scotland’s referendum isn’t about nationalism. It’s about a system that failed, and a new generation looking to take a chance on itself. 

What Charles Barkley Gets Wrong About Corporal Punishment and Black Culture

Why Greenland’s “Dark Snow” Should Worry You

If You’re Outraged by the NFL, Follow This Satirical Blowhard on Twitter

The Best Way to Organize Your Fridge


The GOP’s Focus on Fake Problems

Why candidates like Scott Walker are building campaigns on drug tests for the poor and voter ID laws.

Sports Nut

Giving Up on Goodell

How the NFL lost the trust of its most loyal reporters.

Is It Worth Paying Full Price for the iPhone 6 to Keep Your Unlimited Data Plan? We Crunch the Numbers.

Farewell! Emily Bazelon on What She Will Miss About Slate.

  News & Politics
Sept. 16 2014 7:03 PM Kansas Secretary of State Loses Battle to Protect Senator From Tough Race
Business Insider
Sept. 16 2014 1:23 PM Germany Has Asked Google to Reveal Its Search Algorithm, but That's Not Going to Happen
The Eye
Sept. 16 2014 12:20 PM These Outdoor Cat Shelters Have More Style Than the Average Home
  Double X
The XX Factor
Sept. 15 2014 3:31 PM My Year As an Abortion Doula
  Slate Plus
Tv Club
Sept. 15 2014 11:38 AM The Slate Doctor Who Podcast: Episode 4  A spoiler-filled discussion of "Listen."
Brow Beat
Sept. 16 2014 8:43 PM This 17-Minute Tribute to David Fincher Is the Perfect Preparation for Gone Girl
Future Tense
Sept. 16 2014 6:40 PM This iPhone 6 Feature Will Change Weather Forecasting
  Health & Science
Sept. 16 2014 4:09 PM It’s All Connected What links creativity, conspiracy theories, and delusions? A phenomenon called apophenia.
Sports Nut
Sept. 15 2014 8:41 PM You’re Cut, Adrian Peterson Why fantasy football owners should release the Minnesota Vikings star.