Hold Security has announced that more than 4.5 billion records were stolen from more than 420,000 web and FTP sites.
The company is no stranger to breaches. In its line of work, Hold Security was responsible for identifying a data breach within Adobe Systems in October 2013 and another one in Target in February 2014 which led to more than 360 million credentials being sold on the black market.
This time, Mother Russia is involved.
In a research that lasted over seven months, Hold Security was able to identify a group of Russian hackers that have in their possession the biggest loot of stolen data to date. The company was not able to identify the group but dubbed them "CyberVors" in the meantime.
Mostly credentials make up the CyberVors loot, with around 12 billion of them unique and paired with more than half a billion email accounts. CyberVors was able to pull off the act by first using stolen credentials sourced from other hackers. These credentials were then used to attack websites to initiate a spam attack and install malicious scripts on legitimate systems. After this kind of attack, the group changed course and turned to botnet networks (a group of computers infected with viruses under the control of a criminal system) to widen their reach.
The botnet was able to identify SQL vulnerabilities in websites and used these to steal data from the sites. Data was stolen from both big and small enterprises and even personal websites so this meant everyone was a target. Unfortunately, Hold Security was not able to identify websites that have been compromised by CyberVors. Fortunately, it has products for companies and individuals interested in knowing if their credentials were part of the haul, available for $120 a year.
Because Hold Security's announcement strategically coincides with the Black Hat conference in Las Vegas, some are wary of the company's motives. But Alex Holde, Founder and Chief Information Security Officer for Hold Security said that it was because the company's findings had such a great impact to society that it was decided that the announcement has to be made.
While Hold Security's announcement still needs confirmation, Trend Micro Vice President for Technology and Solutions JD Sherry said that the attack isn't surprising. Peter Toren, a partner at Weisbrod, Matteis & Copley Plc, however, downplays the attack a little bit, saying people should first question what kinds of accounts were compromised, noting that email addresses and passwords are less valuable compared to Social Security numbers and credit card data.
