Russian hacker group steals billions of records in biggest heist known to date
Wed 6 Aug 2014
A Russian hacker group has stolen over 1.2 billion usernames and passwords from over 500 million email accounts, in the biggest data haul known to date, warned research firm Hold Security.
Around 4.5bn actual records are said to have been snatched from over 420,000 sites, including details hacked from top Fortune 500 companies, as well as smaller websites. Hold Security has not yet identified the compromised websites so as not to expose any unpatched vulnerabilities, it told the New York Times. However, a third-party cybercrime expert has reviewed the information and confirmed that the data acquired by the Milwaukee-based security firm was indeed legitimate.
The group of criminals is thought to include around 10 men, programmers and hackers, using servers based in Russia. Hold Security has also suggested that the group may have partnered with another hacking collective to achieve such a large haul.
The crime has been organised around a massive botnet of slave computers which infects victim sites with the specialised programming software SQL, which allows for remote access. This ability to hack remotely is extremely dangerous as it allows cyber criminals to breach systems unbeknown to the user, Todd Morris, CEO of security firm Brickhouse, told Business Insider.
“So many people use the same password over and over again for different websites […] If people were using more unique passwords, it would be a more limited threat,” Morris added.
Alex Holden, founder and CISO at Hold Security, explained that “most of [the compromised sites] are still vulnerable” while the central botnet is still active.
As yet the ring has not sold any of the stolen data, but is using the information to spread spam on social networks and charging for their work.