
Russian Hackers Gather More Than 1 Billion Internet Passwords

Hold Security said on Tuesday that a cyber gang located in Russia is currently hoarding a large amount of data stolen from both companies and individuals. The firm reports that it is the largest known data breach to date, and could possibly affect everyone who has data stored on the Internet.

"Your data has not necessarily been stolen from you directly," the security firm said. "It could have been stolen from the service or goods providers to whom you entrust your personal information, from your employers, even from your friends and family."

The group was finally identified after more than seven months of research. Currently, the gang does not have a name, but Hold Security is calling this group "CyberVor"; the "Vor" part in the name means "thief" in Russian. This group has gathered more than 4.5 billion records, most of which consist of stolen credentials.

"1.2 billion of these credentials appear to be unique, belonging to over half a billion e-mail addresses. To get such an impressive number of credentials, the CyberVors robbed over 420,000 web and FTP sites," the security firm said.

CyberVor started its campaign by acquiring databases of stolen credentials from comrades on the black market. These were used to attack social media, e-mail providers and other sites on the World Wide Web, and to distribute malicious spam to victims.

"Through the underground black market, the CyberVors got access to data from botnet networks (a large group of virus-infected computers controlled by one criminal system)," the security firm said. "These botnets used victims' systems to identify SQL vulnerabilities on the sites they visited. The botnet conducted possibly the largest security audit ever."

According to Hold Security, over 400,000 sites are potentially vulnerable to SQL injection flaws, and these flaws were used to steal data from the websites' databases. The group did not prefer large websites over small ones, nor large companies over small ones; it attacked both alike.

"4.5 billion credentials seems like an impossible number, but just think of how many sites require you to register your e-mail address and, let's face it, almost everyone re-uses their passwords," the firm said. "So, it's not hard to see how some of us could have been victimized more than once."

Individuals are the main victims, so Hold Security is providing customers with a full electronic identity monitoring service within the next 60 days. Companies are advised to determine if their website is susceptible to SQL injection. Such flaws are hard to spot, the company warns, and could reside on auxiliary sites rather than the main site.
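As an added illustration of the flaw the advice above refers to (this is example code written for this page, not code from the article or from Hold Security), the Python below puts a login lookup that splices untrusted input into its SQL text next to the parameterized form that closes the hole, plus a small audit helper of the kind a company could run against its own code paths. The table, rows and probe string are constructed for the demo.

```python
import sqlite3

# Constructed in-memory sample data for the demo; not data from the article.
SAMPLE_USERS = [
    ("alice@example.com", "pbkdf2$hash-a"),
    ("bob@example.com", "pbkdf2$hash-b"),
]


def make_db():
    """Build a throwaway SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT PRIMARY KEY, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, email):
    """The injectable pattern: the caller's string becomes part of the SQL text,
    so quote characters in it are interpreted by the database, not stored."""
    query = "SELECT email, password_hash FROM users WHERE email = '%s'" % email
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, email):
    """Hardened form: the value is bound as a parameter and is never parsed as SQL."""
    query = "SELECT email, password_hash FROM users WHERE email = ?"
    return conn.execute(query, (email,)).fetchall()


def differs_under_probe(conn, probe):
    """Audit helper: True when a probe string makes the string-built query return
    a different result than the parameterized one, i.e. input reached the SQL parser."""
    return lookup_vulnerable(conn, probe) != lookup_parameterized(conn, probe)


if __name__ == "__main__":
    db = make_db()
    # A textbook tautology probe; no real account has this e-mail address.
    probe = "nobody' OR '1'='1"
    print("vulnerable   :", lookup_vulnerable(db, probe))    # every row comes back
    print("parameterized:", lookup_parameterized(db, probe)) # no rows
    print("injectable?  :", differs_under_probe(db, probe))
```

The string-built query returns the whole table for the probe because the quote in the input ends the literal early and the rest becomes SQL; the parameterized query treats the same input as an ordinary (non-matching) e-mail address. The durable fix is to use the driver's parameter binding for every query, on auxiliary sites as well as the main one, rather than trying to filter dangerous characters.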

Keep in mind that security firms like this typically sell security products that address the very warnings they post, so always take these things with a grain of salt.

Follow Kevin Parrish @exfileme. Follow us @tomshardware, on Facebook and on Google+.