bit-tech.net

Russian gang grabs 1.2 billion passwords, firm claims

Hold Security has claimed to have uncovered 1.2 billion unique credentials stolen by a Russian gang, but is demanding businesses and users subscribe to its services - and supply passwords - to see if they have been affected.

A security company has claimed detection of one of the biggest data breaches in history, with Russian attackers having made off with more than 1.2 billion unique credentials - but is being coy with details.

In an announcement made late last night, Hold Security claimed to have uncovered evidence over the past 18 months of a gang of criminals operating out of Russia. Dubbed 'CyberVor' - 'vor' being Russian for 'thief' - by the company, the gang is claimed to have stolen 1.2 billion unique credentials from around 420,000 infected websites. These credentials, the company claims, are linked to half a billion email addresses - making it one of the biggest data breaches in recorded history.

'Whether you are a computer expert or a technophobe, as long as your data is somewhere on the World Wide Web, you may be affected by this breach,' the company warned in its announcement. 'Your data has not necessarily been stolen from you directly. It could have been stolen from the service or goods providers to whom you entrust your personal information, from your employers, even from your friends and family.'

Sadly for anyone alarmed by the company's rhetoric, details of the sites affected are not being made public. Instead, Hold Security is pushing users to register for its Identity Protection Service, a subscription-bearing service with a free 30-day trial. Businesses, too, are pointed towards the company's paid-for monitoring and notification services. The timing of the announcement to coincide with the launch of such monitoring services has not gone unnoticed, and has led some - including Forbes journalist Kashmir Hill - to question the validity of the company's claims.

The nature of the Identity Protection Service is also intriguing: those who register are asked to provide email addresses, which are purportedly checked against the database of credentials from CyberVor. If there's a match, Hold Security then asks users to submit their passwords for direct match checking. Despite assurances that said passwords are strongly encrypted at the client side, this encryption could be easily reversed by the company - and would have to be, if any of the stolen data is hashed and salted.
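The salted-hash point above, as an added example that is not from the article or from Hold Security: a checker that receives only a client-side digest can match it against an unsalted dump, but not against a salted one, where it needs the plaintext. The storage schemes (unsalted SHA-256, PBKDF2-HMAC-SHA256), the client-side digest and every sample value are assumptions constructed for illustration.

```python
import hashlib
import hmac

ITERATIONS = 10_000  # assumed work factor, kept low so the example runs quickly


def salted_hash(secret: bytes, salt: bytes) -> bytes:
    """Assumed storage scheme of a breached site: PBKDF2-HMAC-SHA256 with a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS)


def client_digest(password: str) -> bytes:
    """Assumed client-side protection: the browser sends SHA-256(password), not the password."""
    return hashlib.sha256(password.encode()).digest()


# Constructed sample data: the same account as it would appear in two kinds of stolen dump.
EMAIL = "user@example.com"
PASSWORD = "correct horse battery staple"
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
UNSALTED_DUMP = {EMAIL: hashlib.sha256(PASSWORD.encode()).digest()}
SALTED_DUMP = {EMAIL: (SALT, salted_hash(PASSWORD.encode(), SALT))}


def check_unsalted(email: str, digest: bytes) -> bool:
    """Unsalted dump: the client-side digest is directly comparable to the stored value."""
    stored = UNSALTED_DUMP.get(email)
    return stored is not None and hmac.compare_digest(stored, digest)


def check_salted_with_digest(email: str, digest: bytes) -> bool:
    """Salted dump, digest only: the checker can compute KDF(salt, SHA-256(pw)),
    but the dump holds KDF(salt, pw), so a correct password still fails to match."""
    entry = SALTED_DUMP.get(email)
    if entry is None:
        return False
    salt, stored = entry
    return hmac.compare_digest(salted_hash(digest, salt), stored)


def check_salted_with_plaintext(email: str, password: str) -> bool:
    """Salted dump, plaintext available: the stored value can be recomputed and compared."""
    entry = SALTED_DUMP.get(email)
    if entry is None:
        return False
    salt, stored = entry
    return hmac.compare_digest(salted_hash(password.encode(), salt), stored)


if __name__ == "__main__":
    d = client_digest(PASSWORD)
    print("unsalted dump, digest only:  ", check_unsalted(EMAIL, d))
    print("salted dump, digest only:    ", check_salted_with_digest(EMAIL, d))
    print("salted dump, plaintext known:", check_salted_with_plaintext(EMAIL, PASSWORD))
```

A protocol in which the browser is given the record's salt and scheme and computes the salted hash itself would avoid handing over the plaintext, but that is a different design from the one the article describes.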

5 Comments

ArcAngeL 6th August 2014, 11:44
I think I came across this syndicate; they had infected a vulnerable Windows server that was querying every public IP for vulnerabilities and logging them. They had used a MySQL exploit to hijack the system account, generated themselves their own local admin, RDP'd into the server, loaded their software and launched their attack from the server. It appeared like it had acted like a worm: it compromised the server and used it to spread to more compromised servers, collecting vulnerable servers in its wake.

I changed their local password and logged in on their active login connection to see the exploit running. I took all their data and the source IP from where the initial exploit on our server had come from, and sent it on to the authorities.
Umbra 6th August 2014, 11:45
Quote:
The timing of the announcement to coincide with the launch of such monitoring services has not gone unnoticed, and has led some - including Forbes journalist Kashmir Hill - to question the validity of the company's claims.

^^^ That, unless they can prove it.
Corky42 6th August 2014, 11:49
This sounds so much like a scam. If it wasn't that this Hold Security was (from what I read) the same firm that revealed the Adobe and Target breaches I would outright say it is a scam. :?
ZeDestructor 6th August 2014, 13:23
Quote:
Originally Posted by Corky42
This sounds so much like a scam. If it wasn't that this Hold Security was (from what I read) the same firm that revealed the Adobe and Target breaches I would outright say it is a scam. :?

It does indeed (that timing is seriously suspicious), but they seem to indeed have the experience to back it (I confirmed the Adobe work when I tracked it down, but got bored and didn't check the Target announce).

/me primes Keepass' password generator.
Corky42 20th August 2014, 20:34
It seems this has attracted the attention of the FBI.

FBI probing reported theft of 1.2 billion Internet credentials
http://www.reuters.com/article/2014/08/19/us-cybercrime-breach-russia-idUSKBN0GJ2AH20140819
Quote:
"The FBI is investigating the recently reported incident involving the potential compromise of numerous user names and passwords, and will provide additional information as the nature and scope of the incident becomes clearer," agency spokesman Josh Campbell said on Tuesday via email.