Russian hackers amass 1.2 billion emails and passwords


By Andrew Collins
Tuesday, 12 August, 2014


Russian hackers amass 1.2 billion emails and passwords

A Russian gang has collected a cache of 1.2 billion unique credentials - pairs of emails and passwords - according to information security firm Hold Security. But there is dissent in the security community about the legitimacy of the report.

Hold Security said last week that it had “discovered what could be arguably the largest data breach known to date”.

The firm said it conducted a seven-month investigation that identified a Russian “cyber gang” currently in possession of the credentials. “While the gang did not have a name, we dubbed it “CyberVor” (“vor” meaning “thief” in Russian),” the firm said.

According to the firm, the gang collected over 4.5 billion records, most of which are stolen credentials.

“1.2 billion of these credentials appear to be unique, belonging to over half a billion email addresses. To get such an impressive number of credentials, the CyberVors robbed over 420,000 web and FTP sites,” the firm said.

Hold Security said the gang initially acquired databases of stolen credentials from other hackers on the black market.

“These databases were used to attack email providers, social media and other websites to distribute spam to victims and install malicious redirections on legitimate systems,” the firm wrote.

Then earlier this year, the group altered its approach. “Through the underground black market, the CyberVors got access to data from botnet networks (a large group of virus-infected computers controlled by one criminal system).”

The botnets used victims’ computers to identify SQL vulnerabilities on the sites that victims visited, effectively conducting “possibly the largest security audit ever”, the firm said. The gang then used these vulnerabilities to steal data from these sites’ databases, mostly focusing on stealing credentials, and “eventually ending up with the largest cache of stolen personal information, totalling over 1.2 billion unique sets of emails and passwords”.

The affected

The gang cast a wide net, targeting “every site that their victims visited”, Hold Security said. The list of the affected therefore includes “many leaders in virtually all industries across the world, as well as a multitude of small or even personal websites”.

According to the company’s website, Hold Security was founded by Alex Holden, who it says “worked for over 10 years as the Chief Information Security Officer for a large brokerage firm in the United States”.

Holden is quoted in the NYT as saying that “most of these sites are still vulnerable”.

NYT also engaged an unnamed security expert - one unaffiliated with Hold Security - to analyse the database of stolen credentials and confirm that it was authentic.

The paper reported that the gang has so far not sold many of the records online, instead using the stolen data to spend spam on social networks on behalf of others, for a fee.

According to the paper, the gang is based in a small city in south central Russia and comprises fewer than a dozen men in their 20s.

How real is this?

Some in the infosec community have questioned the legitimacy of Hold’s claims.

David Emm, senior researcher with security firm Kaspersky, told the Guardian: “Nothing has been released by an established security company - I personally haven’t come across Hold Security before - and we’ve had no information on the companies affected, or whether they’re still vulnerable. There’s just what seems to me to be a pretty vague claim of the largest security breach to date.”

However, Brian Krebs of KrebsOnSecurity.com vouched for both Holden and Hold Security’s report.

“I’ve known Hold Security’s founder Alex Holden for nearly seven years. Alex is a talented and tireless researcher, as well as a forthright and honest guy. His research has been central to several of my big scoops over the past year, including the breach at Adobe that exposed tens of millions of customer records,” Krebs wrote.

“I have seen his research and data firsthand and can say it’s definitely for real,” Krebs continued.

Hold Security’s website lists Krebs as a ‘Special Advisor’ to the firm.

Image courtesy Zodman under CC

Related Articles

Strategies for navigating Java vulnerabilities

Java remains a robust and widely adopted platform for enterprise applications, but staying ahead...

Not all cyber risk is created equal

The key to mitigating cyber exposure lies in preventing breaches before they happen.

How AI can help businesses manage their cyber risks

Artificial intelligence can be a powerful ally in the fight against cyberthreats.


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd