A security firm has announced another major password breach. What does this mean to your organization and what should you do next?
According to a recent article in the New York Times, the security firm Hold Security announced that a Russian gang compromised over a billion username and password combinations and more than 500 million email addresses. According to the same article, this massive amount of data was also apparently verified by independent security researchers. The data was apparently gathered by a large botnet controlled by this Russian group, which exploited SQL Injection vulnerabilities that the botnet found in web applications. Ironically, SQL Injection is on the list in SecureState’s Top 5 Attack Vectors Report, which was released just a few weeks ago. SecureState highly recommends you download and review this report to find out more about why this is such a popular attack vector to exploit.
Questionable Disclosure of the Breach by Hold Security
What Hold Security did not release is which companies or individuals were affected, or the compromised data itself, due to “nondisclosure agreements”. They did say they attempted to contact some of the companies affected by the breach, but it's unclear how many were actually contacted. What Hold Security did do was announce this compromise during the Black Hat USA and DEFCON security conferences this week in Las Vegas and announce that you can sign up for a paid service to find out if you or your company is affected. The timing of this announcement is no coincidence: Hold Security plans on making the news and securing a quick fortune from concerned individuals and companies.
Great, so now what? Should we panic?
Since you will not know if you or your organization is affected without paying Hold Security, there really is nothing that you can do as an individual except review the ways you create and store passwords and keep an eye out for phishing attempts coming in via email. If you are an organization, see if any of your websites are vulnerable to SQL Injection and review your password storage methods to ensure they are secure. SQL Injection is a vulnerability that can be detected through the use of automated tools, as well as manual testing, but keep in mind it may not be easy to detect. SecureState recommends you review your external security posture and the security of your external web applications until we know more.