Skip to main content
  1. Home
  2. Computing
  3. Mobile
  4. Web
  5. Legacy Archives

Security firm claims hackers in Russia stole more than a billion usernames and passwords

Add as a preferred source on Google

A gang operating in Russia is reportedly in possession of a staggering 1.2 billion usernames and passwords in a massive hack involving more than 420,000 websites, including many operated by high-profile companies.

Online security firm Hold Security reported details of the hack on Tuesday, describing it as “the largest data breach known to date.”

Recommended Videos

In a report titled “You have been hacked,” Hold Security said the gang, which it dubbed CyberVor (‘vor’ means ‘thief’ in Russian), had initially acquired databases of credentials from other hackers operating on the black market.

“These databases were used to attack e-mail providers, social media, and other websites to distribute spam to victims and install malicious redirections on legitimate systems,” the firm said.

Related: Tips on how to pick a strong password

CyberVor later changed its approach, switching to botnet-based methods to build its collection of stolen data. According to the Milwaukee-based security firm, which has been researching the case for the last seven months, these botnets helped the gang to identify around 420,000 vulnerable websites.

“Whether you are a computer expert or a technophobe, as long as your data is somewhere on the World Wide Web, you may be affected by this breach,” the security firm warned, adding, “Your data has not necessarily been stolen from you directly. It could have been stolen from the service or goods providers to whom you entrust your personal information, from your employers, even from your friends and family.”

Solutions

In its report, Hold Security touted a number of its own services as solutions for bolstering website security, securing data online, and discovering whether your data is in the gang’s possession. While its apparent eagerness to promote its services may cause some to raise an eyebrow over the veracity of its findings, the NY Times reported that an independent online security expert acting on its behalf had examined Hold Security’s research, including the stolen data, and confirmed it to be genuine.

The NY Times said that Hold Security declined to make public any of the affected companies, citing “nondisclosure agreements and a reluctance to name companies whose sites remained vulnerable,” adding that some of them had been told their records were among the stolen data.

The security firm has a track record for uncovering similar high-profile incidents, including the Adobe attack last year involving 38 million accounts. It also identified and tracked the Target security breach earlier this year which saw login and password information for around 360 million accounts posted online.

Following Hold Security’s latest findings, it could be time for you to embark on yet another laborious password-changing session. When trying to figure out a new one, you should keep these tips on how to create a rock-solid password in mind. Enabling two-step verification with online accounts offering the option would also be a wise move.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
How to install macOS 27 Golden Gate public beta on your Mac?
From a smarter Siri to a more reliable Spotlight, here's your full walkthrough for installing macOS 27 Golden Gate's public beta today.
macOS 27 Golden Gate

Along with iOS 27’s public beta, Apple has also released macOS 27 Golden Gate’s public beta build, so that early adopters can get their hands on the new features, including Siri AI, and provide timely feedback to help ensure a stable iOS launch in September. 

If you’re sold on all the new features but don’t want to put your faithful MacBook through developer beta duty, a public beta offers a much more refined experience. To install macOS 27’s public beta, follow the steps given below. 

Read more
Microsoft is finally fixing the worst thing about Windows Search, but you can’t try it just yet
Windows Insiders in the Experimental channel are getting a Search experience that finally feels less of a billboard and more of what users actually need.
Page, Text, Person

Windows Search has been a mess for years, and I do not use that word lightly. Open it to find a file, and you get trending Bing topics, Microsoft Store promotions, and an AI tools tile that just opens a browser. 

That is changing, but not immediately for all users. Microsoft is rolling out a batch of Windows Search improvements to Insiders in the Experimental channel, and for once, this isn't just a fresh coat of paint.

Read more
Apple doesn’t want to share this AirPods feature with Meta, but the EU may force its hand
Spring 2027, EU only, built under DMA pressure.
The front of the Ray-Ban Meta smartglasses.

I’ve been an AirPods user for the last four years, and one of the things that makes it genuinely hard to leave behind is the seamless, almost magical pairing experience across devices. Open an AirPods case near your iPhone, and a pop-up appears within seconds. Switch to your Mac and the audio follows. 

However, the experience is limited only to Apple devices. Doesn’t matter whether you have one of the coolest pieces of tech on the market right now; if it’s not Apple, it won’t get the same treatment. However, that might change for the Meta Quest or the Ray-Ban Meta glasses, thanks to pressure from the EU. 

Read more