Results 1 to 1 of 1
-
6th Aug 2014, 05:26 PM #1
1.2 Billion Unique Credentials, 500 Million Email Addresses Stolen by Russian Cyber Gang
After a research of more than seven months, a security company from the United States discovered that a Russian cyber gang managed to collect 1.2 billion unique credentials from more than 420,000 websites and FTP locations.
The cybercriminals were indiscriminate as far as the breached sites were concerned, targeting websites of both small businesses and larger ones.
Discovered by Hold Security firm in Milwaukee, the total amount of stolen records is 4.5 billion, and apart from credentials consisting of names and passwords, the database also contains more than 500 million email addresses, linked to those credentials.
The company named the gang currently holding all this information CyberVor, “vor” standing for “thief” in Russian.
Acquiring the data, which is the largest known collection in history, could be achieved through the simplest and common (although quite efficient as CyberVor demonstrated) form of attack: SQL injection.
However, the operation was conducted at a large scale from the beginning. After getting some databases with stolen credentials from other hackers on the black market, CyberVor gang used them “to attack e-mail providers, social media, and other websites to distribute spam to victims and install malicious redirections on legitimate systems,” explains a post from the company.
The group changed their method at the beginning of the year and got access to information from different botnets that were basically scanning the Internet for websites with SQL vulnerabilities.
According to Hold Security, the infected machines would check for SQL weak spots on every site they accessed. It is believed that the infected systems “conducted possibly the largest security audit ever. Over 400,000 sites were identified to be potentially vulnerable to SQL injection flaws alone.”
Even if the numbers appear mind-blowing at first glance, there is a good chance that the amount of valid information amassed by the cybercriminals is lower. One reason for this is that, with so many online services requesting registration of an account, there are plenty of users that rely on a disposable email address in the process.
Hold Security advises companies to check their websites for SQL injection vulnerabilities, since there is a great possibility that most of them are still susceptible to exploitation.
The Milwaukee-based security firm is not new on the scene of uncovering big data leaks. They were the ones that identified a breach on Adobe Systems in October 2013, in which source code (40GB of encrypted archives) from their flagship products became available on servers of known hackers.
They also identified and tracked the incident at Target that caused data on 40 million credit and debit cards to be leaked along with guest information on another 70 million individuals.Kepler Reviewed by Kepler on . 1.2 Billion Unique Credentials, 500 Million Email Addresses Stolen by Russian Cyber Gang http://i1-news.softpedia-static.com/images/news-700/1-2-Billion-Unique-Credentials-500-Million-Email-Addresses-Stolen-by-Russian-Cyber-Gang.jpg After a research of more than seven months, a security company from the United States discovered that a Russian cyber gang managed to collect 1.2 billion unique credentials from more than 420,000 websites and FTP locations. The cybercriminals were indiscriminate as far as the breached sites were concerned, targeting websites of both Rating: 5
Sponsored Links
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
15 Billion Downloads And 500,000+ Apps Later, The iPhone, iPad App Store Celebrates I
By Bretteo in forum News & Current EventsReplies: 0Last Post: 21st Feb 2012, 12:11 AM -
Google Hits One Billion Unique Visits In a Month
By Daniel in forum News & Current EventsReplies: 7Last Post: 23rd Jun 2011, 08:15 PM -
How To Get @MSN.com Email Address by HostGee
By hostgee in forum Tutorials and GuidesReplies: 22Last Post: 4th Aug 2010, 06:55 AM -
GMail showing all receiver email addresse?
By kohkindachi in forum Webmaster DiscussionReplies: 6Last Post: 2nd Jul 2010, 02:20 PM -
10MinuteMail.com | Stop Junk | Temp Email Address
By robotronik in forum Useful SitesReplies: 2Last Post: 26th Jan 2010, 02:25 AM
themaManager - edit and manage...
Version 4.04 released. Open older version (or...