
12 quadrillion email addresses hacked! - Fear in advertising

A few days ago, a story first took common IT portals by storm and then spread to big media outlets like wildfire: 1.2 billion email account credentials had supposedly been offered for sale at ridiculously low prices. The focus was on Russian users but it was a world-wide issue. What made my pulse skyrocket and sounded like another data leak may have been something else entirely.

A healthy dose of skepticism is in order

That user credentials are sold in the darker corners of the web is old news. Usually, email addresses (in the millions) are sold anonymously, either with or without associated passwords, and payment is made in Bitcoin. Victims will either find themselves the target of spam mails or find their access data being used for other purposes, such as shopping sprees on Amazon or eBay, since many users use only a single password for multiple online services.

The story published in the blog of a security company could have been taken right out of a bad movie: A Russian nerd, still in school, had spent his days gathering user data from various places. He allegedly didn't do any hacking but had simply compiled data sets from numerous dubious sources. For his efforts (roughly 1 billion users are really something) he requested adequate payment: 50 rubles, around 75 cents. It was this aspect that made me suspicious since I had heard a lot about hackers but never that they were stupid or modest.

Young but not innocent?

Which is why I did not enter my email address at an online site claiming it would check whether I was affected. Maybe dozens of email addresses were just collected this way? Time for glorious paranoia. With my pulse back to normal, I simply waited. Once duplicate entries were removed, 1.2 billion users quickly turned into 272 million, still a considerable amount. Soon afterwards, the remaining addresses were validated by affected email providers - and the data turned out to be useless entirely. Obsolete, already blocked or freely made up. But the news had already reached the media and probably left many with a feeling of uneasiness. You may remember the name Hold Security, IT security experts and authors of the story.

As is often the case, the big data leak and supposedly huge threat quickly turned into a paper tiger. This reminds me of an old advertising strategy - spreading fear. Viruses are frequently reported first by anti-virus software developers, always including catastrophic prognoses and the subtle hint that, naturally, their software could already detect the bad guy. "Without milk, our bones will fall apart" is what dairy food lobbyists would have us believe, while the next wave of the flu might kill all of us anyway, according to vaccine companies. The future will be a disaster unless we vote for the one party that can solve all of our problems. Fear makes us listen and open our wallets. Fear is perfect to attract attention.

Just holding a red padlock: Useless once your data is gone

Can all of that be proved? Not really, but it pays to be critical. Eerily familiar bad news is as certain as bad weather: same information, same sources, varying layouts. Does this mean you shouldn't be concerned? Certainly not. But if you use strong enough passwords (sorry, 1234 won't cut it), change them regularly and don't use the same password for all of your services, you don't have to break a sweat every time one of these stories comes up.

Author's note: The Ashampoo blog is celebrating its first birthday! What are your wishes and topic suggestions? Simply post them in the comments section!

11 comments
  • F

    Wasn't LastPass, or whatever it's called, hacked?

    In any case my strategy is to use a local password generator. I create a hundred or so passwords and copy them to a notepad document. Then I take bits and pieces from several passwords and combine them into one password up to 32 characters long, making sure it contains alpha-numerals and symbols. I encrypt a master password record log to store it all.

    I've asked my brother who works as a computer tech if he can get at my passwords and he's tried several things but says it is impossible. Of course I keep the master encryption password securely locked away in my head. As long as I never forget that all will be well.

  • M

    I use Dashlane free edition for all my passwords.

  • J

    A good article about passwords.

    If people only realized the advantages of a password manager---not just only for remembering your passwords for you---but for the security benefits that you also gain, by using a password manager to enter your personal details for you---automatically---without having to manually type in your details for any particular account you have, thereby bypassing the possibility of key-logger malware.

  • h

    Congratulations

    happy birthday.

    Thank you very much. :)

  • H

    Another good article Sven, Yes the threat of fear can make people do silly silly things, like vote in a stupid Australian LNP government

    Unfortunately, this scam works world-wide. Things aren’t any different in Europe.

  • J

    Very informative information, as usual Sven.

    I fail to understand how anyone who uses a computer fails to read and comply with the never-ending information and warnings from hundreds of sources relating to using secure passwords, and a different one for each application.

    Maybe using one of the free password generator programs is also too much to ask of those users 'who can't be bothered' or believe that they are invulnerable to prowlers.

  • S

    For all of the security software I have, I have only had it find a malicious program on my computer once in 19 years.

    That was early in my computer days and I think I learned a lesson from that experience.

    So now I only download from trusted sites, don't go looking for anything pirated or free and keep away from anything with any sort of dark undertones.

    Having this attitude has kept me safe for many years.

    I still have antivirus and malware software just in case.

  • M

    Thank you. I have changed all of my passwords.

  • F

    I always wonder why Password Managers are not promoted more often. And why do banks, in particular, not use 2-Factor Verification?

    We once considered selling a password manager application. Unfortunately, these programs don’t sell very well since many don’t see a need for them.

  • D

    Another excellent article from Sven, I always read these immediately when they arrive. Fear is probably a greater motivator than even love, lust, or greed. My only question here is what does the girl in the first picture have to do with hacked emails? Is this intended to be a motivator to read the blog? Just asking.

    This image was just too perfect, she really looks very skeptical. I’ve got to admit, while doing it, she looks way more attractive than any member of our editorial staff. :)

  • R

    Very Concise article about the Fear Game.
