Target made waves over the holiday season when it revealed that 40 million of its customers had their debit and credit card information stolen since Black Friday. But the newest cyber attack scandal is blowing Target out of the water.
According to the cybersecurity firm Hold Security LLC, over 360 million email accounts and 1.25 billion email addresses without passwords were discovered on the online black market over the past three weeks — making it the biggest data breach in history. The firm says that the "mind boggling" cache was stolen in separate, multiple attacks, and that nearly 105 million records were stolen in a single data breach.
"The sheer volume is overwhelming," said Alix Holden, chief information security officer of Hold Security.
The email addresses came from all the major providers, including Google, Microsoft and Yahoo. Non-profit organizations and "almost all" Fortune 500 companies were affected by the attacks — some have not made their security breaches public, while many others were unaware until Hold Security's discovery.
Holden believes that the incredible scale of the security breach is "a sign that hackers are switching their tactics," focusing on large companies that store a ton of private data instead of going after individual users.
This email security breach may be more dangerous than the Target credit card theft, and not just because of its sheer size — hackers can benefit "because of the chance the sets of user names and passwords could open the door to online bank accounts, corporate networks, health records and virtually any other type of computer system."
"It is Godzilla-sized, it is a monster," said online security consultant Graham Cluley. "There may be some duplicates but, even so, it sounds like a complete treasure trove for cybercriminals."
The news is the latest on a string of high-profile security breaches over the past few months, affecting big companies, such as Target, Neiman Marcus, Michaels, Adobe and Snapchat.