You were afraid that your password is not strong enough? Fear no more, because it actually might not matter that much. You might have heard about many passwords and email lists being leaked or hacked, but this is the largest action of a kind ever recorded. New York Times reports about a Russian gang who amassed the largest collection of stolen credentials. The Russian hackers stole 1.2 billion usernames and passwords and more than 500 million emails.
Recently Google announced a grandiose project, Project Zero, meant to ensure security over the internet, with the hope that increased trust will attract more internet users. Maybe that will stop this type of large scale hacking.
The Milwaukee-based company Hold Security discovered the fact. They say that more than 420.000 websites are victims of the large scale action. No names have been disclosed yet, but we can imagine that some of the largest and used websites are among them. Hold Security seems to be a reliable source, according to the New York Times, as they uncovered similar actions in the past.
“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” said Alex Holden, the founder and chief information security officer of Hold Security for the New York Times. “And most of these sites are still vulnerable.”
Russian hackers stole a billion password combinations to use it for social network spamming
Until now, the hackers did not offer databases for sale. Instead, they use the stolen information for spamming. Social networks like Twitter are among the victims, with the hackers spamming users while receiving payments for their actions from clients.
“There is a division of labor within the gang,” Mr. Holden said. “Some are writing the programming, some are stealing the data. It’s like you would imagine a small company; everyone is trying to make a living.”
Hold Security has contacts with the hacker world that allow them to trace the activities. They know that this is the action of a Russian gang based in a small city from south central Russia. No more than a dozen men activate compose the gang and they know each other outside of the virtual world as well. Starting as amateurs in 2011, they speeded up their activity in the recent months, possibly after a partnership with another gang. Even if the Russian hackers stole the credentials for spamming, they might use it for other purposes besides spamming.