Security experts baffled by the extent of Russian hack

1.2 billion usernames and passwords collected

Simon Eappariello, SVP EMIEA, iboss

"The 'Attack of the CyberVors' can be likened to something out of a science fiction film. The scale is unprecedented, equivalent to the size of the EU population in email traffic being hacked. The era of companies being held to ransom by a cyber cartel needs to end. Add to this we need to change how we protect networks and confidential data at the very core. The shift in security of our most trusted brands and websites needs to happen on a large scale if we are going to see a shift in the protection of the Internet."

Article continues below

Tom Burton, director in KPMG's cyber security practice

"Accessing more than a billion passwords takes a significant level of organisation and sophistication, but if ever there was an argument that size doesn't matter, this is it. Each year the number of password hacks seems to be climbing, but such a large amount in one go begs a question about what the attackers are going to do with the information they now possess. One possibility is that the plan is to package the information, price it and sell it according to its usefulness."

Andrey Dulkin, senior director of cyber innovation at CyberArk

"The extent of data compromised is the core concern following this latest data breach revelation. It will result in three main threats: first, personal and sensitive information has been put at risk and can be used by criminals, second, the lost credentials could result in identity theft, third, and potentially the most significant for businesses, attackers can impersonate legitimate users to gain access to organisational assets and confidential information. All of which are made even more severe by the fact that numerous individuals often reuse their credentials across many accounts – personal and professional."

Peter Armstrong, Director of cyber security, Thales UK

The news that a single group has been able to hack 1.2 billion usernames and passwords across more than 420,000 websites shows the not just the sheer scale on which these cybercrime groups now operate, but also the borderless nature of the threat. Security threats present themselves in numerous forms and these increase by the day – if not hour, minute or second. This new method of targeting every site that their victims visit rather than specific large companies, has been devised for maximum results: these large numbers of compromised users can then be deployed by different Botmasters as they seek to create new types of DDOS attacks to monetise their criminal activities- it can lead to the dark web equivalent of buying and selling mailing lists except with these, you're not receiving junk mail through the door!.