CyberVor swipes 1.2 billion passwords in largest security breach ever recorded
Warning! A Russian hacking group, which has been called CyberVor, has swiped 1.2 billion usernames and passwords. Hold Security is reporting that the group has stolen 540 million email addresses from 420,000 websites. A complete list of the websites that has been compromised has not yet been made available.
Please rest assured that your SpeedyBackup account is safe! Your Master Password is never transmitted. We don’t even know it! As well, all data transmitted by SpeedyPassword is encrypted using the military grade AES-256 encryption standard and is sent using secure SSL connections.
Change Your Passwords!
It is recommended that you change your password to protect your accounts from the CyberVor hackers. To do with this with SpeedyPassword:
- Click the SpeedyPassword icon from the right hand side of your browser.
- From the Home tab, locate the site you wish to change and click to log in.
- Once you are logged in to the site, change your password:
- This is usually found under Account, Preferences, Settings, Options, etc.
- You can use the Generator tab in SpeedyPassword to create a strong password.
- Go back to the Home tab in SpeedyPassword and select the gear icon from the left-hand corner of the site you just changed.
- Enter your new password into the password field and click Modify Site. Your password will now be changed in SpeedyPassword.
Some users will have a number of passwords that they should change. If time is an issue, we recommend changing passwords in this order to secure your accounts:
- Financial accounts
- Email addresses
- Social media
- Online shopping
- Any other accounts
Security breaches can put your online accounts at risk. The SpeedyPassword Team strives to keep you updated. For more on how SpeedyPassword can help protect your accounts, go to http://www.speedypassword.com/how-it-works.
Hold Security says the Russian gang, which it’s been tracking for seven months, originally purchased databases of stolen information via underground forums. “There are various sites on the Internet where dumps of previously stolen user databases, such as from LinkedIn and the Adobe breaches, are easily available, or indeed the gang could have paid or traded for credentials from other gangs,” Brian Honan, an independent information security consultant based in Dublin, tells Information Security Media Group.
But earlier this year, the gang began tapping botnets to catalog SQL vulnerabilities on websites, according to Hold Security. The vendor doesn’t say if the attackers rented these services or built them up themselves, but says the results of their security scans identified “over 400,000 sites … to be potentially vulnerable to SQL injection flaws alone.” Attackers then targeted these bugs to amass their cache of stolen data.
November 4, 2014 / By: Andrew Macklin