Russian Hackers Steal 1.2 Billion Passwords; Biggest Internet Security Breach Till Date
Russian hackers have stolen more than a billion passwords and user names from major companies around the world, making it the biggest internet heist till date, according to a New York Times report.
Milwaukee-based security firm Hold Security discovered the theft. The firm is well known for exposing hacking activities. The hacker group called the "CyberVor", stole confidential user names and passwords from some 420,000 websites.
"As long as your data is somewhere on the World Wide Web, you may be affected by this breach," Hold said in a statement on its website.
The security firm explains in detail the methodology of the theft. The hackers it seems bought stolen credentials in the black market and used them to install malware through spams via social media sites and emails. The data breach was done through botnets (controller of virus infected computers). These botnets used victims' systems to identify SQL vulnerabilities on the sites they visited.
"To the best of our knowledge, they mostly focused on stealing credentials, eventually ending up with the largest cache of stolen personal information, totaling over 1.2 billion unique sets of e-mails and passwords," the researchers said.
The hackers are based in south central Russia and included fewer than a dozen men in their 20s, according to the New York Times report.
"There is a division of labor within the gang," Hold Security founder Alex Holden said. "Some are writing the programming, some are stealing the data."
Hold Security had previously identified a data breach in the Adobe Systems in 2013 and the most recent one was the Target breach in February 2014, where they found that over 360 million credentials were stolen and trafficked from the company's site.