Sign in with
Sign up | Sign in

Russian Hackers Gather More Than 1 Billion Internet Passwords

By - Source: Hold Security | B 6 comments

Hold Security said on Tuesday that a cyber gang located in Russia is currently hoarding a large amount of data stolen from both companies and individuals. The firm reports that it is the largest known data breach to date, and could possibly affect everyone who has data stored on the Internet.

"Your data has not necessarily been stolen from you directly," the security firm said. "It could have been stolen from the service or goods providers to whom you entrust your personal information, from your employers, even from your friends and family."

The group was finally identified after more than seven months of research. Currently, the gang does not have a name, but Hold Security is calling this group "CyberVor"; the "Vor" part in the name means "thief" in Russian. This group has gathered more than 4.5 billion records, most of which consist of stolen credentials.

"1.2 billion of these credentials appear to be unique, belonging to over half a billion e-mail addresses. To get such an impressive number of credentials, the CyberVors robbed over 420,000 web and FTP sites," the security firm said.

CyberVor started its campaign by acquiring databases of stolen credentials from comrades in the black market. These were used to attack social media, e-mail providers and other sites on the World Wide Web to distribute malicious spam to victims.

"Through the underground black market, the CyberVors got access to data from botnet networks (a large group of virus-infected computers controlled by one criminal system)," the security firm said. "These botnets used victims' systems to identify SQL vulnerabilities on the sites they visited. The botnet conducted possibly the largest security audit ever."

According to Hold Security, over 400,000 sites are potentially vulnerable to SQL injection flaws. These vulnerabilities were used to steal data from the databases of these websites. The group also did not prefer large websites over small ones; they attacked both sets equally. They also did not discriminate between large companies and small ones.

"4.5 billion credentials seems like an impossible number, but just think of how many sites require you to register your e-mail address and, let's face it, almost everyone re-uses their passwords," the firm said. "So, it's not hard to see how some of us could have been victimized more than once."

Individuals are the main victims, so Hold Security is providing customers with a full electronic identity monitoring service within the next 60 days. Companies are advised to determine if their website is susceptible to an SQL injection. They're hard to spot, the company warns, and could reside on auxiliary sites instead of the main site.

Keep in mind that security firms like this are typically security products to ameliorate the warnings posted, so always take these things with a grain of salt.

Follow Kevin Parrish @exfileme. Follow us @tomshardware, on Facebook and on Google+.

Discuss
Add a comment
Ask a Category Expert
React To This Article

Create a new thread in the News comments forum about this subject

Example: Notebook, Android, SSD hard drive

  • 1 Hide
    wiinippongamer , August 7, 2014 7:40 AM
    Ban passwords
  • 9 Hide
    TommyTanker , August 7, 2014 9:26 AM
    Well at least we now know that hackers wear bright green hoodies.
  • 3 Hide
    Steve Simons , August 7, 2014 11:57 AM
    How many iterations of 1234 and catdog can there be for passwords?
  • Add your comment Display all 6 comments.
  • 1 Hide
    ickibar1234 , August 8, 2014 12:46 AM
    "robbed"? You mean copied.
  • 1 Hide
    g-unit1111 , August 8, 2014 3:16 PM
    Quote:
    How many iterations of 1234 and catdog can there be for passwords?


    Dark Helmet: So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! That's the kind of thing an idiot would have on his luggage!

    Dark Helmet: It worked, sir. We have the combination.

    President Skroob: Great. Now we can take every last breath of fresh air from Planet Druidia. What's the combination?

    Colonel Sandurz: 1-2-3-4-5

    President Skroob: 1-2-3-4-5?

    Colonel Sandurz: Yes!

    President Skroob: That's amazing. I've got the same combination on my luggage.

    :lol: 
  • 0 Hide
    Steve Simons , August 20, 2014 1:45 PM
    Quote:
    Quote:
    How many iterations of 1234 and catdog can there be for passwords?


    Dark Helmet: So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! That's the kind of thing an idiot would have on his luggage!

    Dark Helmet: It worked, sir. We have the combination.

    President Skroob: Great. Now we can take every last breath of fresh air from Planet Druidia. What's the combination?

    Colonel Sandurz: 1-2-3-4-5

    President Skroob: 1-2-3-4-5?

    Colonel Sandurz: Yes!

    President Skroob: That's amazing. I've got the same combination on my luggage.

    :lol: 


    http://gizmodo.com/for-20-years-the-nuclear-launch-code-at-us-minuteman-si-1473483587
    Launch codes for all US missile silos was 00000000 for over 20 years...
React To This Article