Here’s What Happens When Your Data Is in the Hands of a Russian Hacking Collective

The Citizen's Guide to the Future
Aug. 6 2014 5:33 PM


A data fog.

Photo from Shutterstock/Maksim Kabako.

Revelations on Tuesday about an enormous trove of stolen personal data collected by a hacking group in Russia have been making news for its sheer enormity. The New York Times and security firm Hold Security LLC report that the group has 4.5 billion sets of usernames and passwords.

Lily Hay Newman

Lily Hay Newman is lead blogger for Future Tense.

There are questions about the report, though. First of all, Hold Security isn’t disclosing any of the 420,000 websites that the Russian hackers got data from. Instead, the company is offering a service for $120 that allows people to check whether any of their data has been compromised—which seems unattractively mercenary, given the magnitude of the situation. Additionally, Hold Security doesn’t really make it clear how much of the data was originally stolen by the Russian hackers as opposed to being purchased on the black market. This distinction is important, because if the hackers have just been buying up old login credentials, there’s less of a danger that the credentials will work.


Strangest of all, the Times reports that the hackers are mainly just using the credentials to hack social media accounts and spam them. Which is weird, because when criminals steal valuable things, they usually try to sell them. Or if they steal things that give them access to money they take the money. So maybe the credentials aren’t that valuable on their own.

Whatever is going on, though, the sheer enormity of the dataset makes it possible that the hackers could apply analysis to extract unusual information. For example, the credentials include 542 million email addresses, which might mean that the hackers can find multiple passwords associated with a single email address within their data, and start making more educated guesses about the types of passwords a given user tends to use.

Think about it. In the wake of information about the Heartbleed vulnerability you probably changed passwords on affected sites (you did, right?), but maybe you also still use some of those old passwords on other accounts that weren’t affected and therefore didn't get changed. The fact that the Russian hackers have old data doesn't necessarily mean it’s not useful since they have so freakin’ much of it.

So we’re all definitely screwed, right? Not totally! The issue here is that the traditional cybersecurity system relying on just usernames and passwords isn’t enough anymore. The key is adding extra layers of protection. Using a password manager, or at least randomly generating strong passwords, eliminating duplicate passwords used on multiple accounts, and adding two-factor (or multi-factor) authentication everywhere it’s offered are all readily available steps that can help you protect yourself.

Whether or not this turns out to be a historic hack, it’s certainly raising awareness about how important personal cybersecurity is. And it’s giving us a sense of scale of just how much data hackers can collect. As it turns out, quite a bit! But what exactly they’ll do with it remains to be seen.

Future Tense is a partnership of Slate, New America, and Arizona State University.
