A gang of Russian hackers has collected a total of 1.2 billion login credentials, including more than 500 million unique email addresses, from more than 420,000 websites all over the world.
Milwaukee-based cybersecurity firm Hold Security, which has a history of discovering significant security breaches including the massive hack of Adobe Systems affecting tens of millions of usernames and passwords, first disclosed the news to the New York Times late Tuesday.
Alex Holden, founder and chief information officer at Hold Security, says the hacking ring operates out of a small city on Russia's south central border, between Kazakhstan and Mongolia. The group is composed of fewer than a dozen men in their 20s who know one another personally, unlike several other operations in which the hackers knew one another only online.
"There is a division of labor within the gang," says Holden. "Some are writing the programming, some are stealing the data. It's like you would imagine a small company; everyone is trying to make a living."
Holden says the group began as a fly-by-night spammers' group in 2011 that amassed a database of stolen login credentials by purchasing them from other hacking operations, but it grew its operations in April, prompting Holden to believe that the group has partnered with a bigger entity to advance its activities. Specifically, the gang has begun using a botnet to perform SQL injections on vulnerable websites to capture user information. While many operations make money by selling their databases to other hackers, this group charges fees for using the stolen credentials to send spam to social networks.
"They used to be bottom feeders, buying at fire sales," says Holden. "Over time, they started buying better quality databases. It's kind of like graduating from stealing bicycles to stealing expensive cars."
Although Holden declined to disclose the gang's location and the names of websites affected, he says the breach affects any website the hackers could get into, including websites of Fortune 500 companies and small websites. He also warns that these websites could still be vulnerable, which is why Hold Security is attempting to alert the websites affected.
This is the latest in a long series of online security breaches that indicate who is on the losing end in the cybersecurity battle. In December last year, hackers from Eastern Europe obtained more than 70 million email addresses and 40 million credit card numbers from retail chain Target's databases. Two months before that, credit card and bank account information belonging to around 200 million individuals was stolen from Court Ventures, a company owned by financial services provider Experian.
Holden announced details of the attack this week to coincide with cybersecurity discussions to be held at the Black Hat hackers' conference in Las Vegas on Thursday.