Russian Hackers Said To Haul in Over a Billion Stolen Emails, Passwords

KNWA via NBC -- A group of Russian hackers has reportedly amassed what may be the largest collection of stolen Internet credentials ever: 1.2 billion user names and passwords, plus 500 million email addresses. Hold Security, a Wisconsin-based information security company that uncovered the stash and the hacking ring behind it, provided the details to the New York Times on Tuesday. More than 420,000 websites, including some unnamed but reportedly major ones, fell victim to the remarkably rudimentary hack over the several years the cybercrime ring has been operational, according to the Times.

The technique believed to be used is a well-established one for plucking low-hanging fruit of the Internet. Computers all over the world, unknowingly infected with malware, formed a "botnet" doing the group's bidding. Each time a computer visited a site, it attempted a "SQL injection," in which items like search and comment fields are filled with code meant to force the site's database to spit out its contents. Such vulnerabilities are well known and fairly easily fixed, but thousands of websites clearly have yet to do so. NBC News contacted Hold Security for details but has not yet received a response.

More Stories

Don't Miss

  • KNWA - Northwest Arkansas News

  • Fox 24 News

  • NWA Weather Authority

  • Razorback Nation

  • KNWA News

  • Fox24 News

  • Razorback Nation

  • KNWA Northwest Arkansas News Mobile App

  • NWA Weather Authority Mobile App

  • Hogville for Sports Mobile App