The Desk appreciates the support of readers who purchase products or services through links on our website. Learn more...

Russian hackers said to steal 1 billion online credentials in massive crime ring

Photo of author
By:
Matthew Keys
»

mkeys@thedesk.net

Share:

passwordA Russian crime syndicate is said to have collected over one billion usernames and passwords and more than 500 million e-mail addresses in what is being called one of the largest online cyber intrusions in history.

More than 400,000 websites are affected by the data breach, according to security researchers quoted by the New York Times on Tuesday. Those websites include well-known “household names” and small web services alike, the Times said.

A cyber security expert with Wisconsin-based Hold Security said most of those 400,000 websites are still vulnerable to breaches.

“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” Alex Holden, the founder and chief information security officer of Holden Security, told the paper.

Holden refused to identify the websites that were affected, citing non-disclosure agreements and concern that websites could fall victim to other attacks if their names were published while they remain vulnerable.

Security experts say the Russian hackers do not appear to be selling the information they’ve collected, but are instead capitalizing on the compromised credentials by sending spam messages to other users in exchange for payments from third parties.

The Times says the hacking ring is run by less than a dozen men in their 20s out of a remote village in south-central Russia. The group started as a small gang of cyber criminals who bought stolen usernames and passwords off the black market. Over time, the operation grew larger: The syndicate is said to have partnered with another group whose identity has not yet been uncovered.

Holden Security says they’ve begun notifying affected websites of the data breach. The company is also working on a tool that will allow individuals to see if their e-mail addresses are among those that were compromised.

Cyber security experts recommend using different, complex passwords for every website (a password made of a random string of letters, numbers and punctuation marks is hard to crack) as well as employing two-step authentication, a feature that requires a person to enter a code generated by a mobile device after entering one’s password.

NYTimes: Hackers collect 1.2 billion passwords, 500 million e-mail addresses

Never miss a story

Get free breaking news alerts and twice-weekly digests delivered to your inbox.

We do not share your e-mail address with third parties; you can unsubscribe at any time.

Photo of author

About the Author:

Matthew Keys

Matthew Keys is the award-winning founder and editor of TheDesk.net, an authoritative voice on broadcast and streaming TV, media and tech. With over ten years of experience, he's a recognized expert in broadcast, streaming, and digital media, with work featured in publications such as StreamTV Insider and Digital Content Next, and past roles at Thomson Reuters and Disney-ABC Television Group.
TheDesk.net is free to read — please help keep it that way.

We rely on advertising revenue to support our original journalism and analysis.
Please disable your ad-blocking technology to continue enjoying our content.

Learn how to disable your ad blocker on: Chrome | Firefox | Safari | Microsoft Edge | Opera | AdBlock plugin

Alternatively, add us as a preferred source on Google to unlock access to this website.

If you think this is an error, please contact us.