LAS VEGAS — It's never good when news breaks that a Russian crime ring has amassed a cache of 1.2 billion username and password combinations.
But security experts say that this particular situation isn't quite as dire as it might sound.
The breach was discovered by Hold Security in Milwaukee. The company released the information to the New York Times Tuesday.
Tuesday — not coincidentally, some say — was also the opening of Black Hat, a popular computer security conference held in Las Vegas each August. It is followed by DefCon, a more hacker-oriented conference.
The release of news about major security issues during the security confab "is almost traditional," said Geoff Webb, senior director of security and strategy at Net IQ, a computer security company based in Houston.
"It's fairly usual for companies to release interesting or startling information at Black Hat. If I were them and I wanted to make sure the world paid attention to this, I'd do it at Black Hat," Webb said.
While the numbers, including more than 500 million email addresses, are enormous, very few of those addresses have actually been affected, said Howard Schmidt, who chairs the board of Codenomicon, a Finnish computer security company.
"On balance, we have to remember that we can still buy airline tickets online, we can still stream movies, we can still email," he said.
"There are threats, but the system still works," said Schmidt, a former cybersecurity coordinator and special assistant to the president.
Computer security, too, is much better than it was in the past.
Security is improving and is much more robust than it might have been ten years ago. But at the same time the sheer complexity of the Internet means that "things are getting worse even as security improves," said Bruce Schneier, one of the foremost computer security experts in the world.
Schneier and Schmidt held a fireside chat in Las Vegas on Tuesday — at a linked but separate security event, Codenomicon 2014, held at the House of Blues.
Crooks, too, have gotten better and much more sophisticated, said Schneier.
"The criminal supply chain is complete, it's a well-honed business," he said. "Whatever you want, a specialist in stealing money, passwords, there's someone you can hire to do all the pieces."
Even breaches of this size don't necessarily surprise the experts.
"I confess, I've become jaded — I no longer read such news. In fact, the more likely scenario is I go, 'Ah, another one,'" said Pierluigi Stella, chief technology officer at Network Box USA, a Houston-based security company.