Google: only 2% of accounts identified by cybercriminals actually work

    This week it became known that certain persons had made publicly available the user account data of large Internet services such as Yandex, Mail.ru and Google. The media spread the news instantly, and comments from the companies themselves were not long in coming. The information first appeared on several forums: a participant in one of them published the allegedly leaked account data for these companies in several posts and immediately began to claim that almost all of the accounts were working and that he had "found his data there."

    We found that less than 2% of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts. We've protected the affected accounts and have required those users to reset their passwords.

    Google.

    It should be noted that the distinguishing feature of this large-scale “leak” is that the logins and passwords were published in clear text, which immediately rules out a compromise of these companies' servers by attackers (there, passwords are stored as hashes and may additionally be encrypted). Another indicator that a compromise of these Internet services is excluded is that one can hardly imagine a situation in which someone managed to penetrate the infrastructure of all of the above companies at once. Even if this had happened, the passwords would have been obtained as hashes and could have been used covertly in attacks such as Pass-the-Hash, which most modern companies successfully block.

    After this information was replicated in the media and had its effect on users, the isleaked.com resource appeared on the network, offering to “check” your account for compromise and to donate money to its author as a thank-you. We do not recommend using this service to check your account for compromise, because it is not possible to establish the authenticity of either this resource or the initial information. Moreover, the number of actually working (real) accounts in this database also remains a big question.

    Conclusions: the attackers used malware that steals information the user enters into web pages in a browser compromised by malicious code, or used phishing messages to obtain this information. The cybercriminals themselves are from Russia, since Yandex and Mail.ru are the most popular services in our country; in addition, the initial information about the leak appeared on Russian forums.

    Recommendations to users:
    • Change the password for your account in any unusual situation, when there is information that the service could have been compromised.
    • Use strong passwords.
    • Use two-factor authentication (2FA). 2FA is not an empty phrase: it will help protect your account even if the password becomes known to a third party.
    • Be sure to check that an https connection is in use when you log in to your service account and work in it.


    be secure.
