[QODLink]
Europe

Russian hackers 'stole 1.2 billion passwords'

US security firm says Russian group stole more than a billion internet usernames and passwords over several years.

Last updated: 07 Aug 2014 07:22
Email Article
Print Article
Share article
Send Feedback
The hackers had been collecting databases of personal information for years [Reuters]

A US security firm says Russian hackers have stolen 1.2 billion usernames and passwords in a series of internet heists affecting 420,000 websites.

According to Hold Security, the firm that uncovered the breach, the hackers had been collecting databases of personal information for years.

Alex Holden, Chief Information Security Officer at Hold Security, said on Wednesday that in April the group began deploying a new online attack technique that quickly shot from computer system to computer system as unwitting infected users visited random websites.

"Their data caches seemed to grow from April on at a rather alarming scale, getting them to what it is or what it was at the time," he said.

A native of Kiev who now lives in Milwaukee, Holden has conducted research that contributed to other exposures of major hacks, including a breach at Adobe that exposed tens of millions of customer records.

Tracked 'for months'

He said he had been tracking the Russian criminals for seven months, but only was able to begin reviewing their massive cache of databases during the past few weeks.

Holden timed his announcement to coincide with the annual Black Hat USA cybersecurity conference this week in Las Vegas, where it created quite a buzz.

Brian Krebs, who investigates online cybercrime and blogs about it, said his phone and email were inundated while he was at the conference on Wednesday with people asking about Holden's announcement.

"Alex isn't keen on disclosing his methods, but I have seen his research and data first hand and can say it's definitely for real," said Krebs.

"Without spilling his secrets or methods, it is clear that he has a first-hand view on the day-to-day activities of some very active organised cybercrime networks and actors."

Holden's discovery was revealed in the New York Times on Tuesday.

The identities of the websites that were broken into were not identified by the Times, which cited nondisclosure agreements that required Hold Security to keep some information confidential.

The reported break-ins are the latest incidents to raise doubts about the security measures that both big and small companies use to protect people's information online.

Security experts believe hackers will continue breaking into computer networks unless companies become more vigilant.

369

Source:
Agencies
Email Article
Print Article
Share article
Send Feedback
Featured on Al Jazeera
As Western stars re-release 1980s charity hit, many Africans say it's a demeaning relic that can do more harm than good.
At least 25 tax collectors have been killed since 2012 in Mogadishu, a city awash in weapons and abject poverty.
Tokyo government claims its homeless population has hit a record low, but analysts - and the homeless - beg to differ.
3D printers can cheaply construct homes and could soon be deployed to help victims of catastrophe rebuild their lives.
Featured
Pro-Russia leaders' election in Ukraine's east shows bloody conflict is far from a peaceful resolution.
Critics challenge Canberra's move to refuse visas for West Africans in Ebola-besieged countries.
A key issue for Hispanics is the estimated 11.3 million immigrants in the US without papers who face deportation.
In 1970, only two mosques existed in the country, but now more than 200 offer sanctuary to Japan's Muslims.
Hundreds of the country's reporters eke out a living by finding news - then burying it for a price.