Russian gang has over 1.2bn stolen passwords acquired from vulnerable sites

6 Aug 2014

A Russian gang has become ‘internet enemy No 1’ after it has been found to have amassed 1.2bn username and password combinations from vulnerable websites.

A team of security analysts from Hold Security in the US made the discovery. The analysts also confirmed more than 500m email addresses are in the possession of the gang, all of which had been acquired from a large virtual trawl of more than 420,000 of the most insecure websites on the internet, according to The New York Times.

The security firm won’t release the details of some of the largest websites affected, but independent security analysts have verified Hold Security’s claim about the Russian online gangsters is indeed true.

The head of Hold Security, Alan Holden, has reiterated that this does not have the fingerprints of any government’s influence from the Russian standpoint, as many of the gang’s targets also included its own Russian websites.

In terms of the overall make-up of the group, which reportedly unleashed thousands of botnets on the web, it comprises no more than a dozen men in their early 20s and originates from a small south-central city in the country.

However, Hold Security has received its own flak online over announcing the breach for what some critics are saying is opportunism and exploiting hysteria by offering a service whereby paying US$120 you can find out if your information was included in the haul as part of a ‘breach notification service’. 

Password hacker image via Shutterstock

Colm Gorey was a senior journalist with Silicon Republic

editorial@siliconrepublic.com