Pretty good counterpoint to both the New York Times’ story on this and Brian Krebs’ post. Krebs has more to lose here: the Times is a mainstream publication, but Krebs’ credibility in the computer security industry has been astonishing so far.
The other credible media-friendly security dude Bruce Schneier is also not convinced:
I don’t know how much of this story is true, but what I was saying to reporters over the past two days is that it’s evidence of how secure the Internet actually is. We’re not seeing massive fraud or theft. We’re not seeing massive account hijacking. A gang of Russian hackers has 1.2 billion passwords — they’ve probably had most of them for a year or more — and everything is still working normally. This sort of thing is pretty much universally true.