The security firm who discovered the breach has chosen not to name the victims, due to nondisclosure agreements and companies whose sites remain vulnerable.
The New York Times reported yesterday that a Russian crime ring had amassed the largest collection of stolen digital information- including 1.2 billion username and password combinations and more than 500 million email addresses. Hold Security, a firm in Milwaukee that discovered the breach, said that the confidential material had been gathered from 420,000 websites. Those domains range from household names to small internet sites.
“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” said Alex Holden, founder and chief information security officer of Hold Security. “And most of these sites are still vulnerable.”
Holden noted that because Russian websites had also fallen victim to the attack, he felt there was no connection between the hackers and the Russian government. He also said he intended to notify the local law enforcement of the attack- despite that the Russian government has generally neglected to pursue accused hackers in the past.
The hacking ring is based in a small city in south central Russia. They began as amateur spammers in 2011- buying stolen databases of personal information from the black market. Using botnets (networks of computers infected with a computer virus), they were able to capture credentials on a large scale. The group includes fewer than a dozen men in their 20’s who know one another personally as well as virtually, and their servers are also thought to be in Russia.
There is growing concern among the security community that preventing personal information theft is becoming a losing battle. Last December, 40 million credit card numbers and 70 million addresses, phone numbers and other bits of personal information were stolen from Target by hackers in eastern Europe. Just last month, the European Central Bank was breached by hackers and the personal data of their customers was held for ransom.
Let us know your thoughts by commenting below.
Source: The New York Times
