Massive global ID theft nets 1.2 billion passwords

Cyber-attack by Russian criminals targets 420,000 websites, according to US security firm claiming to have discovered the breach.
 

01. US security firm Hold Security unveils breach


A Russian crime group made up of fewer than a dozen men is allegedly sitting on a massive collection of stolen online credentials. The hackers are reported to have amassed 1.2 billion username and password combinations, on top of more than 500 million email addresses from websites across the world.

US security firm Hold Security discovered the breach, which targeted around 420,000 websites. In a statement to the New York Times, founder and chief information security officer of Hold Security, Alex Holden, said the criminals targeted everyone from Fortune 500 companies to minor websites.

While difficult to verify, the massive digital haul is thought to be among the largest data breaches of all time.

Hold Security would not release the details of affected individuals and companies, claiming some of the targeted websites were still vulnerable. According to Holden, the hackers’ names and locations have been identified, but Hold Security wouldn’t release any information except that the group is made up of fewer than 12 men in their 20s. Holden said there were no apparent links between the hackers and the Russian government.

Although personal information can promise big financial returns on the black market, the criminals behind the breach have kept most of their haul for themselves. At this time, they appear to be using the data to spam others through social networks such as Facebook and Twitter.

This isn’t the first attack to be revealed by Hold Security. The company is known for lifting the lid on substantial data breaches. In 2013, Hold Security discovered the large-scale attack on Adobe, which affected around 150 million users.

Continued attacks

Hold Security’s discovery is the latest example in a long list of cyber-attacks on major companies and individuals – although most others pale in comparison.

Last month, Australian online retailer Catch of the Day admitted to a data breach in 2011, which potentially put customer user names, passwords, addresses and credit card information at risk. In May, auction website eBay announced it was targeted by cyber-criminals in February and March, leaving personal details and passwords in the hands of hackers.

In the US, retail giant Target was hit in December last year, as 40 million credit cards and 70 million user details were stolen by Eastern European hackers.

According to security engineer and professional “white hat” hacker Jonathan Brossard, major companies are attacked multiple times a day. In an interview with CHOICE, Brossard explained that cyber-criminals generally focus their attention on major companies, so they grab as much data as possible in a single breach.
