Fibre optics

Russian hacking crew CyberVor use botnet to steal 1.2 billion usernames and passwords

Russian hackers have stolen 1.2 billion usernames and passwords from thousands of websites, in what is believed to be the biggest data breach in history.

Hold Security, a US-based security firm with a history of uncovering large-scale hacks, claims that a Russian cyber gang dubbed ‘CyberVor’ stole over 4.5 billion records, of which 1.2 billion appear to be unique, from 420,000 websites and FTP sites. The stolen credentials include over 500 million email addresses.

The hackers initially bought smaller databases of stolen credentials on the black market and used them to attack email providers, social media, and other websites to distribute spam with links that installed malicious code to hijack people’s computers.

In the second phase, the hackers used the black market to buy access to botnets, large groups of virus-infected computers controlled by one criminal system, and used them to identify websites with SQL injection vulnerabilities. They then targeted these sites and stole 1.2 billion unique sets of usernames and passwords, the largest cache of stolen credentials ever amassed.

The sites targeted by CyberVor include “many leaders in virtually all industries across the world, as well as a multitude of small or even personal websites”.

Currently, few of the stolen credentials appear to have been sold online to other criminals, but the New York Times claims that the hackers are using the credentials to send spam marketing pitches and emails through compromised accounts.

Photograph by Bill Burris
