Renewed 2FA discussion after 1,2 billion Internet Passwords theft

2 minutes read

Renewed 2FA discussion after 1,2 billion Internet Passwords theft

The need for two factor authentication has again risen after a Russian hacker group amassed over a billion Internet passwords. The credentials came from over 420.000 websites of all different sizes, worldwide.

The records were discovered by Hold Security, a firm in Milwaukee, the New York Times reports. After seven months of research Hold Security identified a Russian cyber gang was in the position of the largest cache of stolen credentials. Hold Security names the gang CyberVor (Vor means ‘thief’ in Russian) and discovered they had taken 4,5 billion records, 1,2 of them being unique credentials.

400.000 websites detected as vulnerable

“The gang acquired databases of stolen records for botnets that uses victim’s systems to detect SQL vulnerabilities. The botnet conducted possibly one the largest security audits ever. Over 400.000 sites were detected as vulnerable”, Hold Security writes on their website.

Transition to two-factor authentication

Eric Cowperthwaite, vice president, advanced security & strategy at Core Security, explains that this is yet another example of the pressing need for users and companies to leverage two-factor authentication. “Companies need to transition to two-factor authentication,” Cowperthwaite said. “Companies such as Facebook and Twitter have finally started offering two-factor authentication, but the bottom line is that most users aren't taking advantage of it”, Security Week reports.

Two-factor authentication would have prevented hackers breach into personal website accounts as an extra layer of security secures the login session. People passwords would still have been compromised and still should be changing their passwords, but hackers would not be able to access their online accounts as 2FA via SMS sends an extra One Time Password to the users mobile phone.

2FA as a standard method

“Banks, as a standard practice, should absolutely be using two-factor authentication,” Cowperthwaite added. “They have a certain amount of loss from fraud built into their operating model - they just accept that it will happen. This acceptance is a shame since there are many simple ways to reduce those costs significantly.”

Implementing two-factor authentication in you business is a secure and very effective way of protecting you IT networks against suspicious and malicious login attempts.

Contact CM for our 2FA via SMS Whitepaper or contact our 2FA specialist for further information on Two-factor authentication:

more on 2FA

Enjoyed this article? Please share the news!

Continue reading

Next The worldwide success of SMS against no-shows
Previous Securing mobile messaging and how you benefit from it
Back To news overview

Related articles

Misconceptions about data protection revealed: the truth about online security
Cloud services easily abused for absent verification
Whitepaper 2FA: Unlocking Security Potential through your mobile phone
Two Factor Authentication: How & why
Securing login sessions with two-factor authentication

About the author

Charlotte van Raak is content marketer and makes sure our readers always have interesting blogs to read about how to engage with customers. During the day, she answers 1K questions in her role as communications advisor. At night she preferably sleeps.

Connect with Charlotte on