Over 1.2 billion unique pairs of usernames and passwords were dumped from databases into the hands of Russian hackers, after the servers behind approximately 420,000 websites were fed malicious commands by the cyber-gang.
And the number is still rising, because the hackers are using a technique called SQL injection, says Alex Holden, the founder and chief information security officer of Hold Security. Holden says the hackers target any website they can, including many outside of the U.S., and warns that the group continues to exploit the vulnerabilities.
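The mechanism behind such a dump, as an added illustration that is not code from the article or from Hold Security: a login query assembled by string concatenation lets a crafted password value rewrite the query, so one request returns every row of the credential table (or, with a UNION, the schema of other tables), while the parameterized form of the same query returns nothing for the same input. The table, the rows and the payloads are constructed for the example.

```python
import sqlite3

# Constructed sample data for the example (not from any real breach).
SAMPLE_USERS = [
    ("alice", "p@ss1"),
    ("bob", "hunter2"),
    ("carol", "letmein"),
]


def make_db():
    """Create an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)", SAMPLE_USERS
    )
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable: user input is pasted into the SQL text, so quotes and
    keywords in the input become part of the query itself."""
    sql = (
        "SELECT username, password FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchall()


def login_parameterized(conn, username, password):
    """Hardened: placeholders carry the values to the driver separately,
    so the input is only ever compared as data, never parsed as SQL."""
    sql = "SELECT username, password FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Closes the quoted literal and appends an always-true condition. Because AND
# binds tighter than OR, the WHERE clause becomes
#   (username = 'x' AND password = '') OR '1'='1'
# and every row in the table is returned: a full credential dump.
DUMP_PAYLOAD = "' OR '1'='1"

# Closes the literal, appends a UNION that reads the schema catalogue (two
# columns, matching the original SELECT), and comments out the trailing quote.
SCHEMA_PAYLOAD = "' UNION SELECT name, sql FROM sqlite_master --"


def demo():
    """Run both query styles against both payloads and return the results."""
    conn = make_db()
    return {
        "vulnerable_dump": login_vulnerable(conn, "x", DUMP_PAYLOAD),
        "vulnerable_schema": login_vulnerable(conn, "x", SCHEMA_PAYLOAD),
        "parameterized_dump": login_parameterized(conn, "x", DUMP_PAYLOAD),
        "parameterized_schema": login_parameterized(conn, "x", SCHEMA_PAYLOAD),
        "legitimate": login_parameterized(conn, "alice", "p@ss1"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The two payloads show the two stages an attacker typically walks through: the UNION against `sqlite_master` (on other engines, `information_schema`) discovers what tables exist, and the always-true condition, or a further UNION naming those tables, pulls the rows out. Parameterization closes both paths in one change; storing password hashes rather than plaintext would limit the damage of the dump itself, which the example deliberately does not do so the leak is visible.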
The compromised sites range from Fortune 500 companies to small websites, Holden says. The affected sites remain unnamed, as they are still under threat from the hacker collective.
Operating out of a single city in central Russia, the perpetrators of the record-breaking breach have been described as a close-knit group of one-time "bottom feeders." Because of the friendships among the hackers, money has not been able to break up their structure, according to Holden.
"The gang started by just buying the databases that were available over the Internet," says Holden. "They used to be bottom feeders, buying at fire sales. Over time, they started buying better-quality databases. It's kind of like graduating from stealing bicycles to stealing expensive cars."
While Holden has refused to name the city in which the hackers have set up operations, he offered some insight into how they work.
"There is a division of labor within the gang," Holden says. "Some are writing the programming, some are stealing the data. It's like you would imagine a small company; everyone is trying to make a living."
Holden's company, Hold Security, was able to catch a glimpse inside the hacker collective's operations by establishing a relationship with the group online, he says. The initial set of breaches was so widespread, Holden says, that he even saw some of his own account details listed among the data the hackers had stolen.
In July, the U.S. Computer Emergency Readiness Team reported that hackers were using a family of malware tools, known as "Backoff," to intercept financial data from retail point-of-sale systems.
Avivah Litan, a security analyst at the research firm Gartner, expects that these large-scale database intrusions will only increase in size and frequency until companies strengthen their security policies and procedures.
"Companies that rely on user names and passwords have to develop a sense of urgency about changing this," says Litan. "Until they do, criminals will just keep stockpiling people's credentials."