After more than seven months of research, a security company from the United States discovered that a Russian cyber gang had managed to collect 1.2 billion unique credentials from more than 420,000 websites and FTP locations.



The cybercriminals were indiscriminate as far as the breached sites were concerned, targeting websites of both small businesses and larger ones.

The collection was discovered by Hold Security, a firm in Milwaukee. The total number of stolen records is 4.5 billion, and apart from credentials consisting of names and passwords, the database also contains more than 500 million email addresses linked to those credentials.

The company named the gang currently holding all this information CyberVor, “vor” standing for “thief” in Russian.

Acquiring the data, which is the largest known collection in history, could be achieved through the simplest and most common (although quite efficient, as CyberVor demonstrated) form of attack: SQL injection.

However, the operation was conducted at a large scale from the beginning. After getting some databases with stolen credentials from other hackers on the black market, the CyberVor gang used them “to attack e-mail providers, social media, and other websites to distribute spam to victims and install malicious redirections on legitimate systems,” explains a post from the company.

The group changed their method at the beginning of the year and got access to information from different botnets that were basically scanning the Internet for websites with SQL vulnerabilities.

According to Hold Security, the infected machines would check for SQL weak spots on every site they accessed. It is believed that the infected systems “conducted possibly the largest security audit ever. Over 400,000 sites were identified to be potentially vulnerable to SQL injection flaws alone.”

Even if the numbers appear mind-blowing at first glance, there is a good chance that the amount of valid information amassed by the cybercriminals is lower. One reason for this is that, with so many online services requesting registration of an account, there are plenty of users that rely on a disposable email address in the process.

Hold Security advises companies to check their websites for SQL injection vulnerabilities, since there is a great possibility that most of them are still susceptible to exploitation.

The Milwaukee-based security firm is no newcomer to uncovering big data leaks. It identified a breach at Adobe Systems in October 2013, in which source code (40GB of encrypted archives) from Adobe's flagship products became available on servers of known hackers.

They also identified and tracked the incident at Target that caused data on 40 million credit and debit cards to be leaked along with guest information on another 70 million individuals.