Russian Hackers Said To Haul in Over a Billion Stolen Emails, Passwords

Published 08/05 2014 04:53PM

Updated 08/06 2014 12:34AM

KNWA via NBC -- A group of Russian hackers has reportedly amassed what may be the largest collection of stolen Internet credentials ever: 1.2 billion user names and passwords, plus 500 million email addresses. Hold Security, a Wisconsin-based information security company that uncovered the stash and the hacking ring behind it, provided the details to the New York Times on Tuesday. More than 420,000 websites, including some unnamed but reportedly major ones, fell victim to the remarkably rudimentary hack over the several years the cybercrime ring has been operational, according to the Times.

The technique believed to be used is a well-established one for plucking low-hanging fruit of the Internet. Computers all over the world, unknowingly infected with malware, formed a "botnet" doing the group's bidding. Each time a computer visited a site, it attempted a "SQL injection," in which items like search and comment fields are filled with code meant to force the site's database to spit out its contents. Such vulnerabilities are well known and fairly easily fixed, but thousands of websites clearly have yet to do so. NBC News contacted Hold Security for details but has not yet received a response.

Copyright 2016 Nexstar Broadcasting, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

  • KNWA - Northwest Arkansas News
  • Fox 24 News
  • NWA Weather Authority
  • Razorback Nation
  • KNWA News
  • Fox24 News
  • Razorback Nation
  • KNWA Northwest Arkansas News Mobile App
  • NWA Weather Authority Mobile App
  • Hogville for Sports Mobile App