Posted: August 8, 2014 in Tech


This will be short and sweet because Alex Holden does not need any further publicity for his actions. You have likely read the accusations that, earlier this week, Alex Holden of Hold Security announced to the NYT that he had discovered Russian hackers had stolen over 4 billion usernames and passwords. After running a duplication check, that narrowed to 1.2 billion and, while not often reported, that list was further whittled down to around 500 million individual users via unique email addresses.

I highlighted a number I feel is pretty important. What Holden told the New York Times was a carefully worded falsehood. Holden himself has carefully collected this data over the span of a year or two, maybe even to the point of purchasing old U/P information. Hold Security is a passive form of security — they are not going out to find your data and wrangle it out of the hands of those Evil Russian Hackers (Holden is from the Ukraine). What they are doing is lurking TOR nodes observing chatter. I would almost go so far as to suggest that he has obtained access to multiple forum systems on TOR that require verification of l33t-krad-LoD-versus-MoD status. Holden throws together a giant list of antiquated loose account leads, pings the New York Times (a source he “found” was compromised previously) and tells a fantastical story about this massive cache of (completely outdated) U/P’s.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s