Here’s What Happens When Your Data Is in the Hands of a Russian Hacking Collective

Future Tense
The Citizen's Guide to the Future
Aug. 6 2014 5:33 PM

A data fog.

Photo from Shutterstock/Maksim Kabako.

Revelations on Tuesday about an enormous trove of stolen personal data collected by a hacking group in Russia have been making news for its sheer enormity. The New York Times and security firm Hold Security LLC report that the group has 4.5 billion sets of usernames and passwords.

Lily Hay Newman

Lily Hay Newman is lead blogger for Future Tense.

There are questions about the report, though. First of all, Hold Security isn’t disclosing any of the 420,000 websites that the Russian hackers got data from. Instead, the company is offering a service for $120 that allows people to check whether any of their data has been compromised—which seems unattractively mercenary, given the magnitude of the situation. Additionally, Hold Security doesn’t really make it clear how much of the data was originally stolen by the Russian hackers as opposed to being purchased on the black market. This distinction is important, because if the hackers have just been buying up old login credentials, there’s less of a danger that the credentials will work.

Strangest of all, the Times reports that the hackers are mainly just using the credentials to hack social media accounts and spam them. Which is weird, because when criminals steal valuable things, they usually try to sell them. Or if they steal things that give them access to money, they take the money. So maybe the credentials aren’t that valuable on their own.

Whatever is going on, though, the sheer enormity of the dataset makes it possible that the hackers could apply analysis to extract unusual information. For example, the credentials include 542 million email addresses, which might mean that the hackers can find multiple passwords associated with a single email address within their data, and start making more educated guesses about the types of passwords a given user tends to use.

Think about it. In the wake of information about the Heartbleed vulnerability, you probably changed passwords on affected sites (you did, right?), but maybe you also still use some of those old passwords on other accounts that weren’t affected and therefore didn’t get changed. The fact that the Russian hackers have old data doesn’t necessarily mean it’s not useful, since they have so freakin’ much of it.

So we’re all definitely screwed, right? Not totally! The issue here is that the traditional cybersecurity system relying on just usernames and passwords isn’t enough anymore. The key is adding extra layers of protection. Using a password manager, or at least randomly generating strong passwords, eliminating duplicate passwords used on multiple accounts, and adding two-factor (or multi-factor) authentication everywhere it’s offered are all readily available steps that can help you protect yourself.

Whether or not this turns out to be a historic hack, it’s certainly raising awareness about how important personal cybersecurity is. And it’s giving us a sense of scale of just how much data hackers can collect. As it turns out, quite a bit! But what exactly they’ll do with it remains to be seen.

Future Tense is a partnership of Slate, New America, and Arizona State University.
