Russian Gang Amasses Over a Billion Internet Passwords

Saint in Paradise · 6 August, 2014

By NICOLE PERLROTH and DAVID GELLES | The New York Times

A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion username

and password combinations and more than 500 million email addresses, security researchers say.

The records, discovered by Hold Security, a firm in Milwaukee, include confidential material gathered from 420,000 websites,

ranging from household names to small Internet sites. Hold Security has a history of uncovering significant hacks, including

the theft last year of tens of millions of records from Adobe Systems.

“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to

very small websites,” said Alex Holden, the founder and chief information security officer of Hold Security. “And most of these

sites are still vulnerable.”

“They audited the Internet,” Mr. Holden said. It was not clear, however, how computers were infected with the botnet in the

first place.

By July, criminals were able to collect 4.5 billion records — each a username and password — though many overlapped. After

sorting through the data, Hold Security found that 1.2 billion of those records were unique. Because people tend to use multiple

emails, they filtered further and found that the criminals’ database included about 542 million unique email addresses.

“Most of these sites are still vulnerable,” said Mr. Holden, emphasizing that the hackers continue to exploit the vulnerability and

collect data.

Mr. Holden said his team had begun alerting victimized companies to the breaches, but had been unable to reach every website.

He said his firm was also trying to come up with an online tool that would allow individuals to securely test for their information

in the database.

.

Edited 6 August, 2014 by Saint in Paradise

Recommended Posts