Russian hackers steal 1.2 billion passwords from major companies: researchers
August 7, 2014, 12:00 am TWN
WASHINGTON -- Russian hackers stole 1.2 billion Internet credentials from major U.S. companies and others around the world in what is likely the biggest data breach ever, security researchers said Tuesday.
The U.S. firm Hold Security said the gang, which it dubbed "CyberVor," collected confidential user names and passwords were stolen from some 420,000 websites, ranging from household names to small Internet sites.
"As long as your data is somewhere on the World Wide Web, you may be affected by this breach," Hold said in a statement on its website.
"Your data has not necessarily been stolen from you directly. It could have been stolen from the service or goods providers to whom you entrust your personal information, from your employers, even from your friends and family."
The security firm, which specializes in research on large data breaches, said the cybergang acquired databases of stolen credentials from fellow hackers on the black market, and then installed malware that allowed them to gain access to many websites and social media accounts.
"To the best of our knowledge, they mostly focused on stealing credentials, eventually ending up with the largest cache of stolen personal information, totaling over 1.2 billion unique sets of e-mails and passwords," the researchers said.
"The CyberVors did not differentiate between small or large sites. They didn't just target large companies; instead, they targeted every site that their victims visited. With hundreds of thousands sites affected, the list includes many leaders in virtually all industries across the world, as well as a multitude of small or even personal websites."
The researchers dubbed the hacker group CyberVor, using the Russian word "vor" for thief.
The New York Times first reported the breach, and said the group of hackers based their operation in south central Russia, flanked by Kazakhstan and Mongolia, the report said.
The Times said the group includes fewer than a dozen men in their 20s and that their computer servers are believed to be in Russia.