This week marks yet another historic moment in cyber breaches: Security researchers say Russian hackers have stolen 4.5 billion records, gathered from more 400,000 websites, with 1.2 billion of these credentials appearing to be unique and belonging to over half a billion email addresses. This dwarfs the number of individuals affected by the Target data breach, which included the credit card information of 40 million customers and around 70 million email and mailing addresses.
Hold Security, an information security and investigations company, released a statement this week that after more than seven month of research, it was able to identify a Russian cyber gang that is now in possession of the largest cache of stolen data to date. Hold Security reports that the Russian cyber gang, dubbed “CyberVor” (“vor” meaning “thief” in Russian), acquired databases of stolen credentials from fellow hackers on the black market.
Hold Security reported that the focus of CyberVor was to steal personal information, which can lead to identity theft.
“To the best of our knowledge, they mostly focused on stealing credentials, eventually ending up with the largest cache of stolen personal information, totaling over 1.2 billion unique sets of e-mails and passwords,” the group said.
It is suspected that the Russian hackers used botnets to obtain credentials on a colossal scale, but so far, they don’t seem to have sold many of the records online. Instead, it appears that CyberVor may be using the stolen information to send spam on social networking sites in return for payment by other groups.
With this newly uncovered breach reaching previously unimaginable size, the question of how to secure your information has become pressing for both individuals and companies alike. Lillian Ablon, a security researcher at the RAND Corporation, told the New York Times, “The ability to attack is certainly outpacing the ability to defend. We’re constantly playing this cat and mouse game, but ultimately companies just patch and pray.”
One computer security expert, Steven Murdoch from University College London’s computer science department, told the BBC that it may be too early to advise individuals to reset all of their passwords.
“It’s not necessarily the case that a large proportion of internet users have been affected,” he said. “Until we get more statistics we won’t know that. So, there’s no reason to panic now, but perhaps it’s a good reminder to follow best practice of not using the same password on multiple websites, because this will not be the last time such a breach happens.”
If you feel that your personal information may be at risk, it may be a good idea to change your passwords. Symantec Corporation has outlined steps to creating and choosing better passwords and has written an online program that allow users to generate secure passwords for free in an effort to protect user’s identity and personal information.
[ Image courtesy of Salvatore Vuono / FreeDigitalPhotos.net ]