Russian Gang Stole 1.2B Internet Passwords, US Firm Says
Getting your Trinity Audio player ready...
|
A cybersecurity firm said it has uncovered about 1.2 billion Internet
logins and passwords and more than 500 million email addresses amassed
by a Russian crime ring, the largest known collection of such stolen
data, The New York Times reported on Tuesday. Hold Security of
Milwaukee, Wisconsin, which discovered the credentials, said they were
stolen from some 420,000 websites, according to the report. Hold
Security declined to identify the sites that were breached, citing
non- disclosure agreements and concerns that they remained vulnerable
to attack, the paper reported on its website. "Hackers did not just
target U.S. companies, they targeted any website they could get,
ranging from Fortune 500 companies to very small websites. And most of
these sites are still vulnerable," the New York Times quoted Alex
Holden, the founder of Hold Security, as saying. Reuters could not
independently confirm the details of the report. Dmitri Alperovitch,
chief technology officer of the cybersecurity firm CrowdStrike told
Reuters that the stolen passwords could be used to access other
accounts beyond the ones on sites that were breached because people
commonly use the same passwords for multiple sites. "A compromise like
this could mushroom," said Alperovitch. Hold Security in February said
it had uncovered stolen credentials from some 360 million accounts
that were available for sale on cyber black markets.