Privacy & Security


We're learning more this morning about a high-profile data breach - a big one. Russian hackers have allegedly gotten their hands on more than a billion online usernames and passwords. This was first reported by the New York Times. It's believed to be the largest stockpile of stolen credentials ever. Here's NPR's Elise Hu.

ELISE HU, BYLINE: Online security firms had already predicted this would be the year of the big breach. Orla Cox directs a anti-virus firm Symantec's security response teams.

ORLA COX: This year is already on track to be the year of the mega, mega data breach.

HU: How mega is this? The total number of worldwide Internet users is 3 billion and this hack captured more than 1 billion credentials. But as few as a dozen millennial generation hackers were behind it, according to Hold Security, the firm that discovered the breach. That's because most of the data stealing was done by computers with what's known as a zombie army or botnet.

COX: They did not require, you know, highly sophisticated techniques.

HU: Hackers infected the computers with malware - bots that snuck onto sites and link up as a network to amass his record-setting collection. Cox said all hackers had to do was wait.

COX: These are full-time cyber criminals who are, you know, have likely been carrying this out for a number of months maybe even years.

HU: Law enforcement organizations aren't saying whether they're investigating this breach but the Times reports that the companies affected know they're vulnerable. So security firms say change your passwords.

COX: All Internet users should assume that they've been impacted by this.

HU: This billion user breach underscores an ongoing problem as companies race to safeguard our data, hackers can often get to it first. Elise Hu, NPR News, Washington.

Copyright © 2014 NPR. All rights reserved. Visit our website terms of use and permissions pages at for further information.

NPR transcripts are created on a rush deadline by a contractor for NPR, and accuracy and availability may vary. This text may not be in its final form and may be updated or revised in the future. Please be aware that the authoritative record of NPR’s programming is the audio.



Please keep your community civil. All comments must follow the Community rules and terms of use, and will be moderated prior to posting. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.

NPR thanks our sponsors

Become an NPR sponsor

Support comes from