The Russian gang amassed their haul of credentials by using a botnet to scan the net for vulnerabilities

Russian gang amasses 1.2 billion login credentials

Roughly 1.2 billion Internet logins and passwords have been amassed by a Russian criminals, according to a cyber-security firm.

Hold Security says that after seven months of research it has identified a Russian gang, which it has dubbed “CyberVor” with ‘vor’ meaning ‘thief’ in Russian, that has amassed more than 4.5 billion records of which roughly 1.2 billion appear to be unique security credentials belonging to 500 million e-mail address.

The firm, which grabbed headlines last year when it uncovered a data breach at Adobe Systems, claims the records were stolen from some 420,000 websites, though the US-based firm declined to identify the sites that were breached, citing nondisclosure agreements and concerns that they remained vulnerable to attack, the paper reported on its website.

"Hackers did not just target US companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites. And most of these sites are still vulnerable," the New York Times quoted Alex Holden, the founder of Hold Security, as saying.

According to a blog post on the firm’s website, the gang initially acquired databases of stolen credentials from fellow hackers on the black market, which were used to distribute spam to victims that installed malicious redirections on legitimate systems.

Then earlier this year, the hackers started to use botnet networks to conduct a massive security audit of the sites victim computers visited to identify SQL vulnerabilities.

The group identified more than 400,000 sites as potentially vulnerable to SQL injection flaws and then used these vulnerabilities to steal data from the databases of the affected sites, focussing mainly on stealing credentials.

Dmitri Alperovitch, chief technology officer of the cybersecurity firm CrowdStrike told Reuters that the stolen passwords could be used to access other accounts beyond the ones on sites that were breached because people commonly use the same passwords for multiple sites.

"A compromise like this could mushroom," said Alperovitch.

Tom Burton, a director at KPMG’s cyber security practice, said that the amount of information the group has amassed raises questions about what they could realistically do with it and suggests that they plan to package the credentials and sell them on on the black market.

“This latest breach also offers more evidence that passwords are losing their effectiveness as a protection mechanism,” he added. “Individuals cannot possibly remember a different password for each website they use, let alone passwords with strength.

“In the short term individuals must take a more risk based approach, maintaining strong and unique credentials for those sites that would create the greatest impact if breached – such as bank or email accounts – while being pragmatic and using common passwords for sites that would be little more than an irritation if breached.”

Hold Security in February said it had uncovered stolen credentials from some 360 million accounts that were available for sale on cyber black markets.

Recent articles

Info Message

Our sites use cookies to support some functionality, and to collect anonymous user data.

Learn more about IET cookies and how to control them