More Questions than Answers from Data Breach Report

August 11, 2014
No Comment

By Shannon Perry

The American media has never paid more attention to data breaches and cybersecurity than it does today. Major breaches in the last year – at large companies like Target and eBay – have made information security discussions more worrying and more widespread, albeit still not universally understood.

On August 5th, Nicole Perlroth and David Gelles with The New York Times published an article titled “Russian Hackers Amass Over a Billion Internet Passwords.” According to the report, Holden Security, an information security firm out of Milwaukee, recently discovered that hackers operating in Russia have gathered a vast collection of stolen information. “A Russian crime ring has amassed the largest known collection of stolen Internet credentials,” the article begins, “including 1.2 billion user name and password combinations and more than 500 million email addresses, security researchers say” – news that should not be taken lightly.

Without question, this alleged motherload of information potentially poses a threat to millions of Internet users, but not all cybersecurity experts consider the news equally important. Danny Yadron with The Wall Street Journal  covered the story as well – in an article called “Experts Question Scope of Reported Russian Hack.” The article maintains that much of the collection is simply information from previously stolen information, and it express skepticism that the news is such a big deal.

Of course, identifying every threat and theft resulting from this collection is impossible, so determining the severity of such a situation is often more of an art than a science. Tracing a cyber attack back to its source is a bit more onerous than checking your email. In any case, the diversity of opinion surrounding the story is indicative of the ambiguity of the cyber environment, and the conflicting stories reflect the continued difficulty that much of the American public encounters while trying to understand cybersecurity and technical information.