Russian hackers have stolen 1.2 billion username and password combinations and 500 million email addresses, calling it “the hack of the century,” The New York Times reported Monday.
But The Verge raised questions — the security firm who found records of the hacks, Hold Security, is trying to make money off the hullabaloo by charging a $120 subscription fee to those who want to check and see whether or not their cyber security has been compromised. This is because Hold Security refuses to release the names of victims in the security breach.
Chief Information Security Officer Alex Holden said it would be dangerous to release any names, citing “vulnerability.”
“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” Holden told The New York Times. “And most of these sites are still vulnerable.”
But The Verge believes Holden’s reluctance to release names prevents the media from evaluating just how severe the damage of the hack is, especially since Hold Security claims 1.2 billion usernames are compromised. After all, The Verge points out, there aren’t very many internet services that can boast billions of users. If any of those giants did experience security breaches — and here we’re talking about companies like Facebook and Google — then Hold Security probably would have told us.
So just how big — and how serious — is this Russian hack?
Cyber security and privacy attorney Richard Martinez seems to believe The Times’ investigation is right on, warning that the security breach might be even bigger than it seems.
“The potential target zone of companies that are affected by this is much larger than the ones initially impacted by the breach,” Martinez told Fox News. “As staggering as the scale of this is right now, it may well be much larger.”