Tuesday 5th August 2014

On August 5th, it was reported that a Russian hacker group, dubbed CyberVor by Hold Secuirty, has amassed over 4.5 billion stolen personal records. Usernames and passwords from over 420,000 websites are among the stolen data, and it's reported that half a billion of those records are said to be unique email addresses.

At this time, there is no available list of sites that were breached. Some of the breached sites may still be vulnerable.

So far, the criminals have not sold many of the records online. Instead, they appear to be using the stolen information to send spam on social networks like Twitter at the behest of other groups, collecting fees for their work.

The Russian hackers have been able to capture credentials on a mass scale using botnets - networks of zombie computers that have been infected with a computer virus - to do their bidding. Any time an infected user visits a website, criminals command the botnet to test that website to see if it is vulnerable to a well-known hacking technique known as an SQL injection, in which a hacker enters commands that cause a database to produce its contents. If the website proves vulnerable, criminals flag the site and return later to extract the full contents of the database.

For further information visit:

BBC News
NYT
Hold Security

Accumuli Security is not responsible for content of external sites.

distributed by