

Q&A on the Reported Theft of 1.2B Email Accounts - PaulSec
http://krebsonsecurity.com/2014/08/qa-on-the-reported-theft-of-1-2b-email-accounts/

======
crazypyro
I'm still highly skeptical about the motives behind the report. It's obvious to
anyone in tech that there is no "new" exploit, else Hold Security would be
releasing the vulnerability to software developers. Instead, they just say
they have "contacted" (aka sales pitch'd) companies that they have confirmed
have been hacked. Now that all the companies that you have proof were hacked
have paid you or turned you down, you release a public story in the NYT that
comes out during Black Hat and scare other companies into purchasing your
"service" of checking to see if they were in the hacked companies.

So basically, Hold Security is charging 120/year for the ability to ask some
secret, professional Russian hackers if your site was in fact one of the sites
they hacked.

------
Sonicmouse
I don't know about the article, but the comments on the article's page are
somewhat entertaining.

~~~
makomk
Especially the one about Brian Krebs not disclosing his relationship to the
company behind this.

~~~
dm2
Can't really betray your source if you are a reporter. They simply wouldn't
trust you next time.

------
atoponce
[http://krebsonsecurity.com/2014/08/qa-on-the-reported-theft-...](http://krebsonsecurity.com/2014/08/qa-on-the-reported-theft-of-1-2b-email-accounts/comment-page-1/#comment-272527)

