A Russian gang has potentially compromised more than 1-billion online users’ credentials.
Hold Security’s Deep Web Monitoring practice, in conjunction with its Credential Integrity Services, discovered what is arguably the largest data breach known to date.
“Whether you are a computer expert or a technophobe, as long as your data is somewhere on the World Wide Web, you may be affected by this breach,” the company says on its blog. “Your data has not necessarily been stolen from you directly. It could have been stolen from the service or goods providers to whom you entrust your personal information, from your employers, even from your friends and family.”
After more than seven months of research, Hold Security identified a Russian cyber gang which is currently in possession of the largest cache of stolen data. The gang had no name of its own, so Hold Security dubbed it “CyberVor” (“vor” meaning “thief” in Russian).
The CyberVor gang amassed over 4,5-billion records, mostly consisting of stolen credentials.
1,2-billion of these credentials appear to be unique, belonging to over half a billion e-mail addresses. To get such an impressive number of credentials, the CyberVors robbed over 420 000 Web and FTP sites.
Hold Security reveals that, initially, the gang acquired databases of stolen credentials from fellow hackers on the black market. These databases were used to attack e-mail providers, social media, and other Websites to distribute spam to victims and install malicious redirections on legitimate systems.
Earlier this year, the hackers altered their approach. Through the underground black market, the CyberVors got access to botnets (large groups of malware-infected computers controlled from a single criminal command-and-control system).
These botnets used the victims’ own machines to test every site the victims visited for SQL injection flaws, in effect conducting possibly the largest security audit ever. Over 400 000 sites were identified as potentially vulnerable to SQL injection alone. The CyberVors then used these vulnerabilities to pull data straight out of the sites’ databases.
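The attack the article describes, in miniature, as an added example that is not Hold Security’s code or a reconstruction of the gang’s tooling: a login lookup that builds its SQL by string concatenation, the same lookup done with a bound parameter, and a crude probe of the kind a crawler could run against each site to tell the two apart. The table, the two user records and the probe heuristic are all constructed for the example; the point is that the vulnerable form hands back every credential row to a single crafted input, while the parameterised form returns nothing.

```python
import sqlite3

# Constructed sample data for the example only; not from any breached site.
USERS = [
    ("alice@example.com", "hunter2"),
    ("bob@example.com", "letmein"),
]


def setup_db():
    """Build an in-memory users table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def lookup_vulnerable(conn, email):
    """The flaw: user input is pasted into the SQL text, so quotes in the
    input change the structure of the query instead of being data."""
    sql = "SELECT email, password FROM users WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn, email):
    """The fix: the driver sends the query and the value separately, so the
    input can never be interpreted as SQL, whatever characters it contains."""
    sql = "SELECT email, password FROM users WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


# A classic tautology payload: the vulnerable query becomes
#   ... WHERE email = 'x' OR '1'='1'
# which is true for every row, so the whole table comes back.
TAUTOLOGY = "x' OR '1'='1"


def is_injectable(conn, lookup):
    """Hypothetical probe (an assumption of this example, not a tool named on
    the page): if a nonsense e-mail returns nothing but the same nonsense
    e-mail carrying a tautology returns rows, the endpoint is injectable."""
    baseline = lookup(conn, "x")
    probed = lookup(conn, TAUTOLOGY)
    return len(probed) > len(baseline)


def dump_credentials(conn):
    """What the attacker gets from the vulnerable lookup: every (email, password)
    pair in the table, returned as a list so callers can count or store them."""
    return lookup_vulnerable(conn, TAUTOLOGY)


if __name__ == "__main__":
    db = setup_db()
    print("vulnerable lookup injectable:", is_injectable(db, lookup_vulnerable))
    print("parameterised lookup injectable:", is_injectable(db, lookup_parameterised))
    print("rows leaked:", dump_credentials(db))
```

Note that nothing about the payload is site-specific, which is why a crawler can fire the same probe at hundreds of thousands of sites and collect whichever ones answer with a full table; any site storing passwords in clear text, as this one does, then yields ready-to-use credential pairs.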
“To the best of our knowledge, they mostly focused on stealing credentials, eventually ending up with the largest cache of stolen personal information, totalling over 1,2-billion unique sets of e-mails and passwords,” the company writes.
The CyberVors did not differentiate between small and large sites. They didn’t just target large companies; instead, they targeted every site that their victims visited. With hundreds of thousands of sites affected, the list includes many leaders in virtually all industries across the world, as well as a multitude of small or even personal Websites.
“While 4,5-billion credentials seems like an impossible number, just think of how many sites require you to register your e-mail address and, let’s face it, almost everyone re-uses their passwords,” according to Hold Security.
“So, it’s not hard to see how some of us could have been victimized more than once. A credential pair is a combination of user ID (mostly e-mail) and password and we have discovered 1,2-billion of such unique pairs that have been breached.
“If we narrow it down by unique e-mail addresses, we still have over half a billion records since there may be multiple passwords corresponding to a single e-mail address. Not all of them are valid or current.
“Some people use fake e-mail addresses, in other cases the CyberVor gang might have stolen credentials that belonged to an e-mail address that you no longer have (for instance, something you used with your previous employer) or a password that you haven’t used for over a decade, or even a default password automatically assigned to you by a Website. Yet the sheer number of credentials can potentially open a door to many systems and accounts.”