A group of Russian criminals have stolen 1.2 billion username and password combinations for more than 500 million email addresses. It's the largest known collection of stolen Internet credentials, according to a New York Times report.
Cyber security firm Hold Security discovered the security breach. The firm found that the group of criminals collected personal information from 420,000 websites, including household names and small Internet sites. The criminals were based in a small city in south central Russia. They hacked websites inside Russia as well as big companies in the U.S. and other countries, the New York Times reports. The firm cannot say exactly which websites were broken into.
The criminals found hundreds of thousands of weak websites and attacked their coding, Hold Security said. Alex Holden is the chief information security officer of Hold Security. “[The] hackers did not just target U.S. companies, they targeted any website they could get,” Holden told the Times. “And most of these sites are still vulnerable.”
Tip of the Iceberg
According to Hold Security, the criminals have been using the stolen information to send spam through e-mail and on social networks like Twitter. They can also use the 500 million stolen e-mail addresses to plan other crimes. They could use information from bank e-mails to steal your identity or sell the e-mail addresses to other criminals to make quick cash.
The reported break-ins are the latest events to raise doubts about security at big and small companies. Last winter, hackers stole 40 million credit card numbers and 70 million addresses, phone numbers and other personal information from the retailer Target Corp. The brand is still working to regain its shoppers’ trust.
John Prisco is the CEO of a security firm called Triumfant. He says security hacks are more common than many people and companies realize. “This issue reminds me of an iceberg, where 90 percent of it is actually underwater,” Prisco said in an emailed statement. “So many cyber breaches today are not actually reported, oftentimes because companies are losing information and they are not even aware of it.”
Security experts believe hackers will continue breaking into computer networks unless companies become more protective of personal information.