Security Firm: Russian Hackers Stole More than a Billion Passwords

Aug. 7, 2014

Security Firm: Russian Hackers Stole More than a Billion Passwords On Tuesday, a Milwaukee-based security company said it has uncovered a Russian hacker ring that has stolen 1.2 billion unique logon credentials (username and password pairs) in data breaches all over the world. Unlike the data breaches that affected organizations like Target and Neiman Marcus, the Russian ring called CyberVor ("Vor" means "thief" in Russian) did not target payment-card information. With so many logons, however, hundreds of millions of individuals could be vulnerable to scams like account takeover and identity theft.

Hold Security, which announced its discovery at the global data-security conference Black Hat (and, on its Website in conjunction with a marketing pitch for its identity-monitoring and breach-notification services), said a seven-month investigation found the CyberVor gang collected 4.5 billion records (more than one billion of them unique) from more than 420,000 Websites. The company said the gang used botnets to conduct "possibly the largest security audit ever," nabbing information from sites it found to be vulnerable. And, the list of affected Websites was not restricted to large companies.

"The CyberVors did not differentiate between small or large sites. They didn’t just target large companies; instead, they targeted every site that their victims visited. With hundreds of thousands sites affected, the list includes many leaders in virtually all industries across the world, as well as a multitude of small or even personal Websites."