Jump to content

Archived

This topic is now archived and is closed to further replies.

SweX

Cybervor Hacking Gang Steals 1.2 Billion Usernames And Passwords

Recommended Posts

Somewhere in a small city in south central Russia, a group of men in their twenties have got away with what some are describing as one of the biggest cyber-heists in history.  

 

The gang, which has been dubbed “CyberVor” (“vor” means “thief” in Russian) by security researchers, is thought to be in possession of the largest known haul of stolen internet credentials – 1.2 billion usernames and passwords, together with 542 million email addresses.  

 

And the data has been stolen from some 420,000 different websites.

 

hxxp://www.welivesecurity.com/2014/08/06/cybervor-hacking-gang/

Share this post


Link to post
Share on other sites

The biggest problem, as Forbes's Kashmir Hill and The Wall Street Journal's Danny Yadron have noted, is that Hold Security is already capitalizing on the panic, charging a $120-per-year subscription to anyone who wants to check if their name and password are on the list. Hold says it's just trying to recoup expenses, but there's something unseemly about stoking fears of cybercrime and then asking concerned citizens to pay up. It also gives Hold a clear incentive to lie to reporters about how large and significant the finding is.

 

hxxp://www.theverge.com/2014/8/6/5973729/the-problem-with-the-new-york-times-biggest-hack-ever

Share this post


Link to post
Share on other sites

How did this occur?

Initially, the gang acquired databases of stolen credentials from fellow hackers on the black market. These databases were used to attack e-mail providers, social media, and other websites to distribute spam to victims and install malicious redirections on legitimate systems. Earlier this year, the hackers altered their approach. Through the underground black market, the CyberVors got access to data from botnet networks (a large group of virus-infected computers controlled by one criminal system). These botnets used victims’ systems to identify SQL vulnerabilities on the sites they visited. The botnet conducted possibly the largest security audit ever. Over 400,000 sites were identified to be potentially vulnerable to SQL injection flaws alone. The CyberVors used these vulnerabilities to steal data from these sites’ databases. To the best of our knowledge, they mostly focused on stealing credentials, eventually ending up with the largest cache of stolen personal information, totaling over 1.2 billion unique sets of e-mails and passwords.

 

And like a coincidence ESS V8 have something for just that... 

"Botnet protection to detect and block communication of bots if running on computer"

 

Good timing by ESET  :D

Share this post


Link to post
Share on other sites

 

The biggest problem, as Forbes's Kashmir Hill and The Wall Street Journal's Danny Yadron have noted, is that Hold Security is already capitalizing on the panic, charging a $120-per-year subscription to anyone who wants to check if their name and password are on the list. Hold says it's just trying to recoup expenses, but there's something unseemly about stoking fears of cybercrime and then asking concerned citizens to pay up. It also gives Hold a clear incentive to lie to reporters about how large and significant the finding is.

 

hxxp://www.theverge.com/2014/8/6/5973729/the-problem-with-the-new-york-times-biggest-hack-ever

 

 

But this currently only affects business users.1 Private users can already register here for free, but only only 30 days long (ca. until 2014-09-06)!

 

1: Link to site for business users: hxxp://www.holdsecurity.com/services/deep-web-monitoring/bns/

Source: hxxp://www.pcwelt.de/news/Russische_Hacker_erbeuten_1_2_Milliarden_Nutzernamen_und_Passwoerter-Groesster_Datendiebstahl_aller_Zeiten-8845314.html (German) automatic translation by Bing Translator

Share this post


Link to post
Share on other sites

Yes but I don't want to register anywhere. I wait until a list popups somewhere wich it will sooner or later.  :D

Share this post


Link to post
Share on other sites

I wait until a list popups somewhere wich it will sooner or later.  :D

If you are a visitor of such sites :ph34r:, where this list can "popup"...

And if maybe it won't be complete.

Share this post


Link to post
Share on other sites

 

I wait until a list popups somewhere wich it will sooner or later.  :D

If you are a visitor of such sites :ph34r:, where this list can "popup"...

And if maybe it won't be complete.

 

If I find it I can let you know ;). No maybe it won't be the whole list, but then of course I am not a member of all of the websites on the list.

 

But it's pointless to change passwords now if the "problem" has not been fixed on their side yet, and I doub't all of them have done that already.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...