More than 300,000 stolen username and password combinations were posted to a public website last year, revealing the tip of a cybercrime iceberg that is only getting larger, according to security firm High-Tech Bridge.
The Swiss researchers examined 12 months' worth of data covering 2013 that was posted to Pastebin.com, a website used to share text online. What High-Tech Bridge found was 311,095 user credentials (login/password pairs) for various services, websites and emails.
"300,000 compromised user accounts during the last twelve months is a huge number if we take into consideration that this amount of information is being stored just on one single legitimate website," Ilia Kolochenko, CEO of High-Tech Bridge, said in a statement. "It's impossible to make a precise estimate of how many user accounts were really compromised, but I think we can speak about several hundreds of millions at least. People finally need to understand that the Internet is a very hostile place, while online service providers need to finally start taking network security seriously."
In the Pastebin.com research, email systems accounted for 40.9% of leaked passwords. The most popular were gmail.com (25.1%) and Yahoo.com (22%). Other systems attacked included social networks at 13.1% (Facebook was the most popular at 92%), online games (2.8%), online payment systems (1.5%) and online shops (1.1%). Miscellaneous/Mixed/Unknown accounted for 40.6%.
Kolochenko said the two main methods used to breach systems were insecure web applications and compromised user machines with installed Trojans.
"The problem is that a lot of sensitive information is stored in many different places thanks to the cloud and other new technologies," he said. "Today, hackers don't need to perform frontal attacks anymore, they just need to find the least protected machine that can access the data they need and compromise it."