Russians hackers stole more than 1.2 billion usernames and passwords in a series of attacks on about 420,000 websites, the largest known collection of stolen Internet credentials.
So far, the stolen information did not seem to have been sold. Most of the accounts hav been used to deliver marketing schemes and other viral messages.
The breach was discovered by Wisconsin-based information security company Hold Security, and reported by New York Times.
More than 420,000 websites, including some unnamed but reportedly major ones, fell victim to the remarkably rudimentary hack over the several years the cybercrime ring has been operational, according to the Times.
Alex Holden, founder of the company, told the newspaper that most sites invaded by hackers remain vulnerable to attacks. Apart from stealing passwords, criminals also accessed 500 million e-mail, which could help them to perform other invasions.
“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” said Alex Holden, the founder and chief information security officer of Hold Security. “And most of these sites are still vulnerable.”
The report confirms that stolen database and credentials are authentic, but the information about users affected by this breach will not be made public citing nondisclosure agreements. However, Alex doesn’t see any connection between Russian hackers and the Russian government.
To security experts, such invasions put into question the methods used by large and small companies to protect the information of its customers. At the same time cyber criminals will continue to steal data on the Internet if companies do not become more vigilant.