Skip to main content

Security firm claims hackers in Russia stole more than a billion usernames and passwords

A gang operating in Russia is reportedly in possession of a staggering 1.2 billion usernames and passwords in a massive hack involving more than 420,000 websites, including many operated by high-profile companies.

Online security firm Hold Security reported details of the hack on Tuesday, describing it as “the largest data breach known to date.”

Recommended Videos

In a report titled “You have been hacked,” Hold Security said the gang, which it dubbed CyberVor (‘vor’ means ‘thief’ in Russian), had initially acquired databases of credentials from other hackers operating on the black market.

“These databases were used to attack e-mail providers, social media, and other websites to distribute spam to victims and install malicious redirections on legitimate systems,” the firm said.

Related: Tips on how to pick a strong password

CyberVor later changed its approach, switching to botnet-based methods to build its collection of stolen data. According to the Milwaukee-based security firm, which has been researching the case for the last seven months, these botnets helped the gang to identify around 420,000 vulnerable websites.

“Whether you are a computer expert or a technophobe, as long as your data is somewhere on the World Wide Web, you may be affected by this breach,” the security firm warned, adding, “Your data has not necessarily been stolen from you directly. It could have been stolen from the service or goods providers to whom you entrust your personal information, from your employers, even from your friends and family.”

Solutions

In its report, Hold Security touted a number of its own services as solutions for bolstering website security, securing data online, and discovering whether your data is in the gang’s possession. While its apparent eagerness to promote its services may cause some to raise an eyebrow over the veracity of its findings, the NY Times reported that an independent online security expert acting on its behalf had examined Hold Security’s research, including the stolen data, and confirmed it to be genuine.

The NY Times said that Hold Security declined to make public any of the affected companies, citing “nondisclosure agreements and a reluctance to name companies whose sites remained vulnerable,” adding that some of them had been told their records were among the stolen data.

The security firm has a track record for uncovering similar high-profile incidents, including the Adobe attack last year involving 38 million accounts. It also identified and tracked the Target security breach earlier this year which saw login and password information for around 360 million accounts posted online.

Following Hold Security’s latest findings, it could be time for you to embark on yet another laborious password-changing session. When trying to figure out a new one, you should keep these tips on how to create a rock-solid password in mind. Enabling two-step verification with online accounts offering the option would also be a wise move.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Hackers just stole personal data from millions of Acer customers
acer swift 3 13 2019 review acerswift3132019

Acer has just confirmed that its servers were beached by a group of hackers called Desorden. The hackers managed to steal over 60 gigabytes worth of data containing sensitive information about millions of Acer's customers.

The compromised information includes the names, addresses, and phone numbers of several million clients, but also restricted corporate financial data.

Read more
Hacker tries to poison the water supply of a Florida city
teflon water supply dangerous faucet

 

A computer hacker attempted to poison the water supply of a city in Florida, local police  on Monday, February 8.

Read more
The robot takeover comes another step closer — at Amazon
An Amazon robot working inside one of the company's warehouses.

Amazon is close to having more robots operating inside its warehouses than humans after the e-commerce giant announced this week that it now has more than a million robots working at its facilities around the world.

Over the years, Amazon has spent billions of dollars on the development and deployment of warehouse-based robots, which handle an array of tasks once performed by human workers.

Read more