Russian cyber gang steal 1.2 billion usernames & passwords


A Russian cyber gang has reportedly stolen 1.2 billion online user names and passwords by raiding 420,000 FTP and web sites, US security researchers have revealed.

The team from Hold Security claim the haul could constitute the largest known data breach to date, and have warned end users that the consequences of it are likely to be far-reaching.

"Whether you are a computer expert or a technophobe, as long as your data is somewhere on the World Wide Web, you may be affected by this breach," the company said in a blog post.


"Your data has not necessarily been stolen from you directly. It could have been stolen from the service or goods providers to whom you entrust your personal information, from your employers, even from your friends and family."

The company has also been credited in the past with uncovering the Adobe Software data breach in October 2013, as well as the Target breach in December 2013.

The researchers have dubbed the gang in possession of the data "CyberVor" and claim they amassed their database of stolen usernames and passwords by acquiring them from fellow hackers on the black market.

Once in possession of these databases, the group are understood to have used them to attack email providers and social media sites to distribute spam and install malicious redirections on legitimate sites.

"Earlier this year, the hackers altered their approach. Through the underground black market, the CyberVors got access to data from botnet networks. These used victims' systems to identify SQL vulnerabilities on the sites they visited...[and] conducted the largest security audit ever," the blog continues.

"Over 400,000 sites were identified to be potentially vulnerable to SQL injection flaws alone. The CyberVors use these vulnerabilities to steal data from these sites' databases."

Mark James, security specialist at anti-virus firm ESET, said the techniques employed by the gang suggest they're a "very organised" group of individuals.

"The only real way of targeting this problem is to not use email addresses as logins," he said.

"Websites should give you the opportunity to use a login name that you have full control over, rather than just using the same email address across multiple sites."

And, to prevent others from being caught out by similar attacks, James reiterated the importance of using multiple passwords to access internet services.

"Do not reuse the same password anywhere, make small, simple changes that can be easily remembered by yourself and don't use dictionary words in your password.

"Even adding one or two random characters into a dictionary word can throw a brute force word search off course," James concluded.

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.