
LAS VEGAS — It's never good when news breaks that a Russian crime ring has amassed a cache of 1.2 billion username and password combinations.

The breach is the biggest ever reported and includes information from individuals and companies worldwide. It's another indicator of the uncertainty that seems baked into our increasingly digital world.

Security experts say the situation isn't quite as dire as it might sound.

The breach was discovered by Hold Security in Milwaukee. The company released the information to The New York Times on Tuesday. Tuesday — not coincidentally, some say — was also the opening of Black Hat, a popular computer security conference held in Las Vegas each August. It is followed by DefCon, a more hacker-oriented conference.

The release of news about major security issues during the security confab "is almost traditional," said Geoff Webb, senior director of security and strategy at Net IQ, a computer security company based in Houston.

"It's fairly usual for companies to release interesting or startling information at Black Hat. If I were them and I wanted to make sure the world paid attention to this, I'd do it at Black Hat," Webb said.

Though the numbers, including more than 500 million e-mail addresses, are enormous, very few of those addresses have been affected, said Howard Schmidt, who chairs the board of Codenomicon, a Finnish computer security company.

"On balance, we have to remember that we can still buy airline tickets online, we can still stream movies, we can still e-mail," he said.

"There are threats, but the system still works," said Schmidt, a former cybersecurity coordinator and special assistant to the president.

Security is improving and is much more robust than it might have been 10 years ago. But the sheer complexity of the Internet means "things are getting worse even as security improves," said Bruce Schneier, one of the foremost computer security experts in the world.

Schneier and Schmidt held a fireside chat in Las Vegas on Tuesday — at a linked but separate security event, Codenomicon 2014.

Crooks have gotten better and much more sophisticated, Schneier said.

"The criminal supply chain is complete; it's a well-honed business," he said. "Whatever you want, a specialist in stealing money, passwords, there's someone you can hire."

Even breaches of this size don't necessarily surprise the experts.

"I confess, I've become jaded — I no longer read such news. In fact, the more likely scenario is I go, 'Ah, another one,' " said Pierluigi Stella, chief technology officer at Network Box USA, a Houston-based security company.

Jefferson Graham answers readers' questions on using password manager apps on the go.

Contributing: Jessica Guynn.
