A Russian gang of computer hackers has gathered a staggering cache of some 1.2 billion stolen usernames and passwords, exposing vulnerabilities in some 400,000 targeted websites, according to a report Tuesday.
The find by Hold Security, a Milwaukee-based firm, also included some 542 million email addresses culled by the crew of twentysomethings based in a small south central Russian city, the New York Times reported.
'Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,' Alex Holden, the founder and chief information security officer of Hold Security, told the Times. 'And most of these sites are still vulnerable.'
The virtual criminals do not appear to be working for the Russian government, Holden told the paper, and the gang has not sold the information. Rather, they've been paid by third-party groups to use their powerful holding of online information to send spam on social media.
The Russian government rarely pursues hackers, meaning the gang can likely continue operating unimpeded, according to the Times.
'There is a division of labor within the gang,' Holden told the Times. 'Some are writing the programming, some are stealing the data. It's like you would imagine a small company; everyone is trying to make a living.'
Holden said he is trying to contact all the violated websites, but 'most of these sites are still vulnerable,' he said. The hackers use botnets to determine sites' vulnerabilities, then clear out each site's database of any available information.
News of the massive breach comes as hundreds of hackers, online security and other tech companies gather in Las Vegas for the annual Black Hat conference, scheduled to run through Friday. The disclosure could shape future online security measures as breaches become larger, more invasive and more costly.
'Companies that rely on usernames and passwords have to develop a sense of urgency about changing this,' Avivah Litan, a security analyst at research firm Gartner, told the Times. 'Until they do, criminals will just keep stockpiling people's credentials.'
sgoldstein@nydailynews.com