In what could be the greatest internet security breach to date, a gang of Russian hackers hasve stolen more than 1 billion computer passwords and user names.
A highly cited report by Hold Security suggests that Russian hackers have collected 1.2 billion user names and passwords, belonging to approximately 500 million people.
According the several media reports, including The New York Times, the Russian hackers, who do not appear to be connected to the Russian government, broke into 420,000 websites — big and very small — and stole users credentials: passwords and user names.
“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” Hold’s founder chief information security officer, Alex Holden, told the Times. “And most of these sites are still vulnerable.”
Mr. Holden described to The New York Times some of the details about the Russian hackers. They are based in a small city in south central Russia, the region flanked by Kazakhstan and Mongolia. Holden said the group includes less than 12 men who are personally acquainted with one another. Holden indicated he believed the computer servers are in Russia.
“There is a division of labor within the gang,” Mr. Holden said to the Times. “Some are writing the programming, some are stealing the data. It’s like you would imagine a small company; everyone is trying to make a living.”
The Milwaukee-based security firm, Hold, did not disclose the victims of the massive security breach.
Hold Security has a track record of disclosing security breaches. In October, 2013, Hold disclosed the source codes of Adobe Systems flagship products had been hacked. In the Adobe case, tens of million of records were stolen.
The Russian hacking is the latest, and greatest, hacking case to attract worldwide attention. Last December, more than 40 million credit card numbers, and other personal information were stolen from Target. The thieves in that case were based in Eastern Europe.
In October of 2013, U.S. prosecutors charged that hackers on Vietnam managed to steal 200 million personal records, including bank account numbers, credit card information, and Social Security numbers from a data brokerage firm.