Russian cyber gang in world's biggest theft of data
A RUSSIAN cyber gang has amassed more than 4.5 billion stolen credentials, including 1.2 billion username and password combinations and more than 500 million email addresses, security experts say.
The records, discovered by Hold Security, a firm in Milwaukee, include confidential material gathered from 420,000 websites, ranging from household names to small Internet sites.
Hold Security has a history of uncovering significant hacks, including the theft last year of tens of millions of records from Adobe Systems.
Hold Security would not name the victims, citing nondisclosure agreements and a reluctance to name companies whose sites remained vulnerable.
In a post on its website, it says it has discovered "what could be arguably the largest data breach known to date".
"Whether you are a computer expert or a technophobe, as long as your data is somewhere on the World Wide Web, you may be affected by this breach.
"Your data has not necessarily been stolen from you directly. It could have been stolen from the service or goods providers to whom you entrust your personal information, from your employers, even from your friends and family," the company says.
Hold said it had identified a Russian cyber gang which is currently in possession of the largest cache of stolen data.
"While the gang did not have a name, we dubbed it 'CyberVor' ('vor' meaning 'thief' in Russian).
"The CyberVor gang amassed over 4.5 billion records, mostly consisting of stolen credentials. 1.2 billion of these credentials appear to be unique, belonging to over half a billion e-mail addresses.
"To get such an impressive number of credentials, the CyberVors robbed over 420,000 web and FTP sites.
"Initially, the gang acquired databases of stolen credentials from fellow hackers on the black market.
"These databases were used to attack e-mail providers, social media, and other websites to distribute spam to victims and install malicious redirections on legitimate systems.
"Earlier this year, the hackers altered their approach. Through the underground black market, the CyberVors got access to data from botnet networks (a large group of virus-infected computers controlled by one criminal system).
"These botnets used victims' systems to identify SQL vulnerabilities on the sites they visited.
"The botnet conducted possibly the largest security audit ever.
"Over 400,000 sites were identified to be potentially vulnerable to SQL injection flaws alone.
"The CyberVors used these vulnerabilities to steal data from these sites' databases.
"To the best of our knowledge, they mostly focused on stealing credentials, eventually ending up with the largest cache of stolen personal information, totaling over 1.2 billion unique sets of e-mails and passwords."
On its website, the company is promoting possible solutions to the problem for both companies and individuals.