Hold Security is cashing in on the 1.2 billion collection of stolen credentials, by charging users $200 a month to be off the list.
According to Graham Cluley, while Hold Security did well to secure such a high profile piece in the New York Times, it transpired that Hold Security was blatantly using its discovery of a mountain of stolen credentials as a brazen sales pitch for its new breach notification service. For as little as “$120/year with a two-week money back guarantee” you can be alerted if your site is discovered to have suffered an attack.
Also, Hold Security is asking users to sign up for what it calls the “Consumer Hold Identity Protection Service” (CHIPS). Hold Security says that CHIPS is a subscription service, but if you sign up right now you’ll get 30 days protection for free.
Also, Hold Security wants you to give them your email address – and if they find it in their database of stolen credentials, they will then ask you to “provide an encrypted versions of your passwords to compare it to the ones in our database, so that we can let you know exactly which of your passwords have been compromised”.