A group of Russian hackers have seized approximately 1.2 billion Internet users’ contact details and their secret access codes stored on the websites of hundreds of thousands of companies around the world. This is what the specialist company Hold Security says, specifying that hackers have looted a total of data from 420,000 websites, ranging from the largest brands to the smallest website.
In total, the mass of passwords collected by hackers reached 4.5 billion, including 1.2 billion “unique visitors” providing access to some 500 million e-mail accounts. Hold Security specifies having arrived at these conclusions after seven months of research: “Even if the group (of hackers) has no name, we nicknamed it + CyberVor +, + Vor + meaning + thief + in Russian” explains one. of its spokespersons.
All affected sites
First, “CyberVor” bought data on the black market, then used it to hack sites using spam and viruses that redirect users from sites they were using to hackers. “With hundreds of thousands of sites affected, the list includes the most important sites in all sectors but also small, even personal sites,” says Hold Security.
“4.5 billion seems like a huge number but you have to think about the number of sites that ask for identification by email and almost everyone reuses the same password more than once”, underlines the company, while specifying that all data stolen by hackers may not yet be usable.
Hold Security recommends that all sites verify that they have not been the victim of a vulnerability in their SQL (Structured Query Language) system. According to New York Times, this intrusion, which may be the largest ever, was part of a group of hackers based in Russia, somewhere between Kazakhstan and Mongolia. For its part, the Times assures that the pirates, aged in their twenties, would not be more than a dozen.