Russian hackers grab 4.5 billion records

Russian hackers grab 4.5 billion records

by Gary Oldwood on 7 August 2014 · 2273 views

Graphic that visualizes a digital terror (it's rather cute to me though).

Yes, you read the title correctly; 4.5 billion records were stolen by a Russian group dubbed “CyberVor” (“vor” means “thief” in Russian). The company who identified the large data theft (and who also gave name to the group), Hold Security, had been researching for more than seven months before it actually confirmed the possession of those stolen records.

Probably the biggest data theft in history

From the 4.5 billion records the hackers got, 1.2 billion of them are stolen passwords which belong to over 500 million e-mail addresses. The stolen information comes from more than 420.000 websites and FTP servers that were hacked.

Hold Security claims that in the beginning of their actions, the CyberVors used to acquire databases that consisted of stolen usernames and passwords via the black market, and then use them in order to distribute spam and install malicious redirections on legitimate systems. But after a while they got access to data from botnet networks (again through the black market), which provided them access to virus-infected computers that they used find SQL vulnerabilities on websites the victims visited. This scheme allowed them to identify more than 400.000 websites that had potential SQL injection vulnerabilities. And that’s how they eventually gathered this incredibly big number of unique sets of emails and passwords.

From this information we can see that CyberVors did not perform a targeted attack, but rather grabbed whatever their victimized computers served them. The stolen records could belong to websites ranging from well-known industries to small, personal blogs. The 1.2 billion passwords included in the stolen data belong to more than 500 million emails. What this means is that some email addresses are paired to more than one password, and that you may have had your account in more than one websites hacked.

Who is Hold Security?

Hold Security is company that specializes in cyber security. They uncovered a hack at Adobe Systems in San Jose last October, which allowed hackers to steal millions of files, they identified and tracked the Target Breach that resulted in the stealing of 40 million credit cards and 70 million email addresses from the retailers servers last December, and they were also responsible for the identification of 360 million stolen credentials trafficked on the black market in February.

Hold Security however does not release a list of the websites that were hit by the CyberVors, raising questions around the validity of the hack. Instead, a service is offered to all websites for a yearly fee of 120$ that will confirm whether or not they are included in the list, plus will have their systems checked further for other vulnerabilities. When asked about this service by the Wall Street Journal, Alan Holder (Hold Security’s founder and CEO) wanted to avoid discussing details about the hackers’ whereabouts and names in case law enforcement has an ongoing investigation. In addition, he said that the charge to websites for this service is simply to cover for their own investigation costs.

Individuals can check for free if their email is on the list by signing up for the Consumer Hold Identity Protection Service. The service will be free for the first 30 days and its members will know whether their details are found in a list in the future.

This is undoubtedly a big matter and should not be taken lightly by website owners. As for users, it is recommended that they change their passwords frequently in order to avoid compromises of their accounts.

Comments (0)
Featured Articles