Gartner Blog Network


Russian Gang Password heist is so much worse than Target

by Avivah Litan  |  August 6, 2014  |  3 Comments

I’m finally going to change my passwords. Frankly, I haven’t been motivated until now – even after Heartbleed and all the other heists – since I just do a quick mental calculation of my risk vs. my inconvenience. And I decided against the inconvenience.

But now the threat to me and you as consumers is real and strong. We’ve all been speaking about these phenomena for years, i.e. the criminals amassing millions of records on users, including credentials/passwords, bank account numbers, personal data and more. And it’s finally a reality – not just conjecture anymore.

The interesting thing is that most consumers think the Target breach was more serious than this one. The Target breach pales compared to this revelation. With Target and stolen cards, consumers are protected financially and the banks can stop the stolen cards from being used relatively quickly. All the card payment systems around the world interconnect virtually in real time so fixes can be applied immediately.

With the theft of passwords and other sensitive data, the criminals have access to many of our accounts where our protections are much less and where systems are much more fragmented. For example, if someone steals money from my online retirement account, I have to go through a lot of very time-consuming hoops to get my money back and may not get it back in the end if my retirement company doesn’t want to give it back to me. They can tell me it’s my fault my password was stolen. The same rules apply to many other types of bank and investment accounts.

In the meantime, there’s a lot of chatter about the motivations of the company who told the NY Times about this story. Frankly, no matter what the motivations were or are, the story is still true and it’s still ominous.

Bottom Line – change your passwords and monitor your accounts closely. And try to put your money with providers that don’t just rely on passwords for security.


Avivah Litan
VP Distinguished Analyst
19 years at Gartner
34 years IT industry

Avivah Litan is a Vice President and Distinguished Analyst in Gartner Research. Ms. Litan's areas of expertise include endpoint security, security analytics for cybersecurity and fraud, user and entity behavioral analytics, and insider threat detection.


Thoughts on Russian Gang Password heist is so much worse than Target


  1. […] Source: Russian Gang Password heist is so much worse than Target […]

  2. Avivah,

    You’re absolutely correct, this is a phenomenal breach. Heartbleed was theoretical as it may have led to a breach. This is real, passwords have been compromised in numbers that are hard to grasp. Time to change those passwords, but more importantly, time for enterprises to move away from passwords to prevent future breaches.

    Brett

  3. Larry Fernandez says:

    Avivah,
    In my view all events have a beginning, middle and ending.
    You have related the beginning of this event.
    But what will happen next?
    How will things end up?
    In my opinion, the only way for events like this to have a meaningful impact is for the entire tale (beginning, middle, ending) to remain in the public view. Otherwise, we all forget about this headline and move on to the next hot topic.
    Larry


