Russian Gang Password heist is so much worse than Target

By Avivah Litan | August 06, 2014 | 2 Comments

I’m finally going to change my passwords. Frankly, I haven’t been motivated until now – even after Heartbleed and all the other heists – since I just do a quick mental calculation of my risk vs. my inconvenience. And I decided against the inconvenience.

But now the threat to me and you as consumers is real and strong. We’ve all been speaking about these phenomena for years, i.e. the criminals amassing millions of records on users, including credentials/passwords, bank account numbers, personal data and more. And it’s finally a reality – not just conjecture anymore.

The interesting thing is that most consumers think the Target breach was more serious than this one. The Target breach pales compared to this revelation. With Target and stolen cards, consumers are protected financially and the banks can stop the stolen cards from being used relatively quickly. All the card payment systems around the world interconnect virtually in real time so fixes can be applied immediately.

With the theft of passwords and other sensitive data, the criminals have access to many of our accounts where our protections are much less and where systems are much more fragmented. For example, if someone steals money from my online retirement account, I have to go through a lot of very time-consuming hoops to get my money back and may not get it back in the end if my retirement company doesn’t want to give it back to me. They can tell me it’s my fault my password was stolen. The same rules apply to many other types of bank and investment accounts.

In the meantime, there’s a lot of chatter about the motivations of the company that told the NY Times about this story. Frankly, no matter what the motivations were or are, the story is still true and it’s still ominous.

Bottom Line – change your passwords and monitor your accounts closely. And try to put your money with providers that don’t just rely on passwords for security.

The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.



  • Avivah,

    You’re absolutely correct, this is a phenomenal breach. Heartbleed was theoretical as it may have led to a breach. This is real, passwords have been compromised in numbers that are hard to grasp. Time to change those passwords, but more importantly, time for enterprises to move away from passwords to prevent future breaches.


  • Larry Fernandez says:

    In my view all events have a beginning, middle and ending.
    You have related the beginning of this event.
    But what will happen next?
    How will things end up?
    In my opinion, the only way for events like this to have a meaningful impact is for the entire tale (beginning, middle, ending) to remain in the public view. Otherwise, we all forget about this headline and move on to the next hot topic.