In what’s believed to be the largest stockpile of stolen Internet credentials in history, a Russian hacking ring has gathered more than 1.2 billion unique Internet credentials, according to web security experts. The relatively small group has reportedly collected passwords along with user names and email addresses.
The news was first reported by The New York Times, which says the group attacked all kinds of websites to steal data: large and small, and in countries from Russia to the U.S. and elsewhere.
“Milwaukee-based Hold Security confirms to NPR it discovered the breach,” NPR’s Elise Hu reports. “The confidential material was gathered from more than 420,000 websites, ranging from small operations to those of major corporations.”
Hold Security hasn’t revealed businesses are vulnerable, in part due to nondisclosure agreements and in part because many of their websites remain vulnerable.
As for details about the hacking gang, The New York Times says they’ve grown more ambitious since starting out as a spam operation in 2011.
From the Times:
“The hacking ring is based in a small city in south central Russia, the region flanked by Kazakhstan and Mongolia. The group includes fewer than a dozen men in their 20s who know one another personally — not just virtually. Their computer servers are believed to be in Russia.”