The Independent’s journalism is supported by our readers. When you purchase through links on our site, we may earn commission.

Russian hacker gang amasses 'largest ever' database of online credentials

Fewer than a dozen hackers in their 20s amassed the data which includes passwords, emails and usernames - but no financial data

James Vincent
Thursday 07 August 2014 06:29
Comments
The eBay hackers elicited customers’ names,
encrypted passwords, email addresses, physical
addresses, phone numbers and dates of birth
The eBay hackers elicited customers’ names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth

A group of Russian hackers have amassed the largest ever cache of stolen internet credentials, reportedly accumulating more than 1.2 billion user name and password combinations and more than 500 million email addresses.

News of the group’s efforts comes from US firm Hold Security, who were previously responsible for uncovering the Adobe Systems hack of some 38 million accounts last year.

Hold Security said the hackers, based in a small city in south-central Russia, took information from more than 420,000 websites.

“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” Alex Holden, the founder and Hold Security told the New York Times. “And most of these sites are still vulnerable.”

The US firm has not disclosed the identity of any of the targets, but say that the Russian gang used an infected botnet to conduct “possibly the largest security audit ever”, probing hundreds of thousands of websites looking for weaknesses.

Although the stolen information does not include financial data such as credit card numbers, the sheer size and scope of the cache has been described as a threat to both consumers and companies.

The Times reports that so far little of the stolen data yet been put to use, and that those logins that have been exploited are mainly being used to send spam messages on social networks like Twitter.

Hold Security uncovered the existence of the stolen data after a 7 month investigation, identifying fewer than a dozen men in their 20s who make up the gang. The men know one another socially and reportedly divide their work “like a small company”.

Mr Holden said his firm had begun alerting affected companies but warned that many of the sites involved were still vulnerable. Experts have cautioned that although no financial data was stolen, the online credentials taken by the gang could be just as damaging in terms of identity theft.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

By clicking ‘Create my account’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in