A Russian cyber gang has stolen more than 1.6 billion internet username and password combinations, according to US security firm Hold Security – a company that specialises in finding breaches.
Hold Security said that the gang – which it dubbed “CyberVor”, after the Russian word for thief, vor – had gathered confidential data from more than 500 million email addresses and 420,000 websites.
“Hackers did not just target US companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” Alex Holden, the founder and chief information security officer of Hold Security, told The New York Times. “And most of these sites are still vulnerable.”
The company described the hack as the largest data breach known to date.
The hacking ring is based in south central Russia, according to The Times, and consists of fewer than a dozen men aged in their 20s. The newspaper says that the hackers began as amateur spammers in 2011, but could have partnered with a larger entity since.
The criminals behind the attacks have not sold any of the information online, but appear to be using the credentials to spread spam. The hackers aren’t believed to be connected to the Russian government.