UPDATED 15:07 EDT / DECEMBER 12 2014

New study finds 150,000 account credentials are leaking each month

shadow hand thief password security hackerThe number and degree of hacker attacks on accounts and personal information continues to grow steadily. Researchers from the security firm Symantec Corp. have uncovered evidence of “highly advanced malware Regin” in the wild, which they believed in existence for last 6 years.

Now, the researchers from Danish security firm Heimdal Security believe that more than six million e-mail accounts and their credentials have been compromised over the past three months globally that translate to 150,000 account credentials are leaking each month.

The researchers say that the leaked credentials come from corporate logins to private consumer e-mails and the six million hacked email accounts should be considered as an excerpt of the overall exposed accounts. The actual losses may be 20 times more. Most likely, logins and passwords were obtained by phishing sites, Trojans, keyloggers, malware or browser-based extensions. On average, the current compromised email accounts are as high as 6 percent.

“As a security company, we only pick up a smaller part of what hackers actually have access to, and you have to remember that the 6 million accounts have only been discovered over the last three months. The actual number could be 20 times as high or more,” says Morten Kjaersgaard, CEO of Heimdal Security.

The stolen credentials are already in circulation or will be used by cyber criminals in attacks against individuals or businesses. This simply means that online criminals are right now using these credentials against you. These credentials may also allow cybercriminals access not only to corporate networks but also to other services of the same provider. In same way, attackers can try and use these credentials to log in to other popular web services.

Recall that in September of this year, unknown assailants posted on the Internet a database with 4.5 million logins and passwords accounts of the Russian services Yandex.ru (one million leaked emails) and Mail.ru (4.5 million leaked emails). Few days later, a list of five million Gmail accounts, paired with what appear to be passwords, was leaked in a popular Russian cryptocurrency forum.

The Regin malware is said to operate like a back-door Trojan, giving attackers unhindered access to every system it manages to infiltrate. The malware is believed to have been used against businesses, governments, Internet service providers, private individuals, researchers and telecoms companies.

Tips on protecting user accounts and user data are well known: corporate and individual users need to regularly change passwords, refuse to visit dubious Internet resources, use only licensed software, and configure the security settings of browsers.

photo credit: Mr.TinDC via photopin cc

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU