Russian hackers stole 1.2 bn passwords (Update)

August 5, 2014
A Russian hacker group has stolen an estimated 1.2 billion Internet credentials from major US companies and others around the world, the New York Times reports

Russian hackers stole 1.2 billion Internet credentials from major US companies and others around the world in what is likely the biggest data breach ever, security researchers said Tuesday.

The US firm Hold Security said the gang which it dubbed "CyberVor" collected confidential user names and passwords were stolen from some 420,000 websites, ranging from household names to small Internet sites.

"As long as your data is somewhere on the World Wide Web, you may be affected by this breach," Hold said in a statement on its website.

"Your data has not necessarily been stolen from you directly. It could have been stolen from the service or goods providers to whom you entrust your personal information, from your employers, even from your friends and family."

The security firm, which specializes in research on large data breaches, said the cybergang acquired databases of stolen credentials from fellow hackers on the black market, and then installed malware that allowed them to gain access to many websites and social media accounts.

"To the best of our knowledge, they mostly focused on stealing credentials, eventually ending up with the largest cache of stolen personal information, totaling over 1.2 billion unique sets of e-mails and passwords," the researchers said.

"The CyberVors did not differentiate between small or large sites. They didn't just target large companies; instead, they targeted every site that their victims visited. With hundreds of thousands sites affected, the list includes many leaders in virtually all industries across the world, as well as a multitude of small or even personal websites."

The researchers dubbed the hacker group CyberVor, using the Russian word "vor," for thief.

The New York Times first reported the breach, and said the group of hackers based their operation in south central Russia, a flanked by Kazakhstan and Mongolia, the report said.

The Times said the group includes fewer than a dozen men in their 20s and that their computer servers are believed to be in Russia.

"There is a division of labor within the gang," Hold Security founder Alex Holden is quoted as saying.

"Some are writing the programming, some are stealing the data."

Explore further: Hackers target Bethesda videogame studio

Related Stories

Hackers target Bethesda videogame studio

June 13, 2011

US videogame studio Bethesda Softworks on Monday said its websites were hit with a cyberattack over the weekend and warned that hackers may have stolen some user data.

Yahoo email account passwords stolen (Update 2)

January 30, 2014

Usernames and passwords of some of Yahoo's email customers have been stolen and used to gather personal information about people those Yahoo mail users have recently corresponded with, the company said Thursday.

France's Orange hit by hackers data raid

May 7, 2014

Hackers have stolen the personal data of 1.3 million customers of French telephone company Orange, in the second major breach of its kind in a matter of months.

Putin signs law seen as crimping social media

July 22, 2014

President Vladimir Putin on Tuesday signed a law requiring Internet companies to store all personal data of Russian users at data centres in Russia, a move which could chill criticism on foreign social networking sites like ...

Recommended for you

Power grid forecasting tool reduces costly errors

July 30, 2015

Accurately forecasting future electricity needs is tricky, with sudden weather changes and other variables impacting projections minute by minute. Errors can have grave repercussions, from blackouts to high market costs. ...

Netherlands bank customers can get vocal on payments

August 1, 2015

Are some people fed up with remembering and using passwords and PINs to make it though the day? Those who have had enough would prefer to do without them. For mobile tasks that involve banking, though, it is obvious that ...

Microsoft describes hard-to-mimic authentication gesture

August 1, 2015

Photos. Messages. Bank account codes. And so much more—sit on a person's mobile device, and the question is, how to secure them without having to depend on lengthy password codes of letters and numbers. Vendors promoting ...

1 comment

Adjust slider to filter visible comments by rank

Display comments: newest first

kochevnik
1 / 5 (1) Aug 06, 2014
USA and NATO declare war on Russia, then whine about extra penis enlargement SPAM from Russia

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.