Russian Hackers Gather More Than 1 Billion Internet Passwords
Hold Security said on Tuesday that a cyber gang located in Russia is currently hoarding a large amount of data stolen from both companies and individuals. The firm reports that it is the largest known data breach to date, and could possibly affect everyone who has data stored on the Internet.
"Your data has not necessarily been stolen from you directly," the security firm said. "It could have been stolen from the service or goods providers to whom you entrust your personal information, from your employers, even from your friends and family."
The group was finally identified after more than seven months of research. Currently, the gang does not have a name, but Hold Security is calling this group "CyberVor"; the "Vor" part in the name means "thief" in Russian. This group has gathered more than 4.5 billion records, most of which consist of stolen credentials.
"1.2 billion of these credentials appear to be unique, belonging to over half a billion e-mail addresses. To get such an impressive number of credentials, the CyberVors robbed over 420,000 web and FTP sites," the security firm said.
CyberVor started its campaign by acquiring databases of stolen credentials from comrades in the black market. These were used to attack social media, e-mail providers and other sites on the World Wide Web to distribute malicious spam to victims.
"Through the underground black market, the CyberVors got access to data from botnet networks (a large group of virus-infected computers controlled by one criminal system)," the security firm said. "These botnets used victims' systems to identify SQL vulnerabilities on the sites they visited. The botnet conducted possibly the largest security audit ever."
According to Hold Security, over 400,000 sites are potentially vulnerable to SQL injection flaws. These vulnerabilities were used to steal data from the databases of these websites. The group also did not prefer large websites over small ones; they attacked both sets equally. They also did not discriminate between large companies and small ones.
"4.5 billion credentials seems like an impossible number, but just think of how many sites require you to register your e-mail address and, let's face it, almost everyone re-uses their passwords," the firm said. "So, it's not hard to see how some of us could have been victimized more than once."
Individuals are the main victims, so Hold Security is providing customers with a full electronic identity monitoring service within the next 60 days. Companies are advised to determine whether their websites are susceptible to SQL injection. These flaws are hard to spot, the company warns, and could reside on auxiliary sites instead of the main site.
Keep in mind that security firms like this are typically selling security products to ameliorate the warnings posted, so always take these things with a grain of salt.
Follow Kevin Parrish @exfileme. Follow us @tomshardware, on Facebook and on Google+.

-
g-unit1111 13905121 said: How many iterations of 1234 and catdog can there be for passwords?
Dark Helmet: So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! That's the kind of thing an idiot would have on his luggage!
Dark Helmet: It worked, sir. We have the combination.
President Skroob: Great. Now we can take every last breath of fresh air from Planet Druidia. What's the combination?
Colonel Sandurz: 1-2-3-4-5
President Skroob: 1-2-3-4-5?
Colonel Sandurz: Yes!
President Skroob: That's amazing. I've got the same combination on my luggage.
:lol: -
Steve Simons 13914131 said: 13905121 said: How many iterations of 1234 and catdog can there be for passwords?
Dark Helmet: So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! That's the kind of thing an idiot would have on his luggage!
Dark Helmet: It worked, sir. We have the combination.
President Skroob: Great. Now we can take every last breath of fresh air from Planet Druidia. What's the combination?
Colonel Sandurz: 1-2-3-4-5
President Skroob: 1-2-3-4-5?
Colonel Sandurz: Yes!
President Skroob: That's amazing. I've got the same combination on my luggage.
:lol:
http://gizmodo.com/for-20-years-the-nuclear-launch-code-at-us-minuteman-si-1473483587
Launch codes for all US missile silos were 00000000 for over 20 years...