According to a report published by Hold Security, Russian hackers have stolen over 1.2 billion user names and passwords in a series of Internet thefts affecting 420,000 websites. The gang dubbed CyberVor or cyber thief in Russian was identified after seven months of research by the security firm.
Hold Security reports that Russian cyber criminals collected over 4.5 billion records earlier this year and sorted through the data to remove duplicates. They were left with over 1.2 billion unique records and 542 million email addresses. The company says that the data collected by the hackers has not been sold, but is being used to spam social networks on behalf of other groups for a fee.
“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” Alex Holden, the founder and chief information security officer of Hold Security, stated. “And most of these sites are still vulnerable.”
Holden says Hold Security has been in contact with many of the victimized website companies, but has not been able to reach all of them yet. The leak highlights that online users should protect their personal information and change their usernames and passwords frequently or risk identity theft. Cyber sleuths urge users to not use the same passwords for different online accounts.
“Companies that rely on usernames and passwords have to develop a sense of urgency about changing this,” Avivah Litan, a security analyst at the research firm Gartner, told The Times. “Until they do, criminals will just keep stockpiling people’s credentials.”
This is not the first major breach of personal online data, although it is the largest this year. Earlier this year Hold security discovered more than 105 million records stolen from 360 million accounts and 1.25 billion email addresses. The security firm discovered that the data was put for sale on the online black market by the hackers.
Source: NY Times