Sunday, 10 May 2015

2014 Russian hacker password theft

The 2014 Russian hacker password theft is an alleged hacking incident resulting in the possible theft of over 1.2 billion internet credentials, including usernames and passwords, with hundreds of millions of corresponding e-mail addresses.The data breach was first reported by the New York Times (and then reported in many other media) after being allegedly discovered and reported by Milwaukee-based information security company, Hold Security.

420,000 websites are reported to be affected. According to a New York Times source, some big companies know that their user's credentials are among the stolen. Hold Security did not disclose which sites were compromised, but, instead, offered two separate services, one for website owners and one for consumers to check if they're affected.The service for website owners costs $10 a month. The check for consumers is free.

Hold Security described the group responsible for the hack as a small group of “fewer than a dozen men in their 20s ... based in a small city in south central Russia, the region flanked by Kazakhstan and Mongolia,” and dubbed the groupCyberVor (Russian, lit. "cyber thief"). Hold claimed the hack was perpetrated through the use of SQL injection. According to a Forbes article, Hold Security says that not all the 1.2 billion credentials were stolen this way, there are also ones that CyberVor simply bought from people that used other means, and Hold Security doesn't know what the split is.

No comments:

Post a Comment