Shadowy Russian hacker group hijacked 1.2 billion usernames, passwords

Shadowy Russian hacker group hijacked 1.2 billion usernames, passwordsA Wisconsin security firm claims that a Russian criminal group has accumulated the largest known collection of stolen online usernames and passwords via SQL injections, according to a new report in The New York Times on Tuesday.

Hold Security, which did not immediately respond to Ars’ request for comment, apparently has 1.2 billion usernames and passwords across 420,000 sites. It declined to tell The Times which companies were affected, nor name the group specifically.

In February 2014, Hold Security also discovered 360 million compromised login credentials for sale in underground crime forums. The haul, which included an additional 1.25 billion records containing only e-mail addresses, came from multiple breaches. In October 2013, the same firm discovered the circulation of 153 million user names and passwords stolen during a massive breach of Adobe's corporate network. A month later, the security firm uncovered 42 million plaintext passwords taken during a hack on niche dating service Cupid Media.

“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” Alex Holden, the founder and chief information security officer of Hold Security, told The Times. “And most of these sites are still vulnerable.”

The group appears not related to the point-of-sale breaches that have taken place at Target and other major American retailers.

According to The Times:

The hacking ring is based in a small city in south central Russia, the region flanked by Kazakhstan and Mongolia. The group includes fewer than a dozen men in their 20s who know one another personally — not just virtually. Their computer servers are believed to be in Russia.

“There is a division of labor within the gang,” Mr. Holden said. “Some are writing the programming, some are stealing the data. It’s like you would imagine a small company; everyone is trying to make a living.”

They began as amateur spammers in 2011, buying stolen databases of personal information on the black market. But in April, the group accelerated its activity. Mr. Holden surmised they partnered with another entity, whom he has not identified, that may have shared hacking techniques and tools.

The disclosure of this new unnamed group comes as three major computer security conferences are under way this week in Las Vegas: Black Hat, Def Con, and PasswordsCon. Ars will be reporting from all of them in the days ahead.

Source: Ars Technica

Tags: hackers, Russia, security

Comments
Add comment

Your name:
Sign in with:
or
Your comment:


Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party


Last news

 
The new 64-bit version of Firefox will be optimized to run on these computers for better performance
 
Google is expanding the Pixel 3’s eSIM support to a few new countries
 
And fortunately, it won’t be an iPhone X-like notch
 
Qualcomm Technologies has shown on the path to commercialization of 5G
 
It will be embracing Chromium in the development of the browser
 
The new OLEDs will be on display at CES 2019 in Las Vegas early next year
 
Quintuple-app strategy offers "a simpler and more unified communications experience"
 
Google's other mobile SDK is deemed ready for prime time
The Samsung Galaxy A5 (2017) Review
The evolution of the successful smartphone, now with a waterproof body and USB Type-C
February 7, 2017 /
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /
 
 

News Archive

 
 
SuMoTuWeThFrSa
      1
2345678
9101112131415
16171819202122
23242526272829
3031     




Poll

Do you use microSD card with your phone?
or leave your own version in comments (11)