The pervasive message from cyber-security experts has always been that it’s not a matter of if you’ll be hacked, but rather a matter of when. A direct illustration of that point was revealed early this week, with Hold Security’s August 5 announcement indicating that as many as 1.2 billion unique credentials may have been compromised by Russian hackers over the past year. This is the largest data compromise ever recorded.
Hold’s research indicates that the compromise was the work of a single Russian hacking organization, and that the group is currently in possession of the world’s largest cache of stolen data. The results were found through Hold’s Deep Web Monitoring practice and its Credential Integrity Services. The company has dubbed the unnamed gang the CyberVors.
According to the release accompanying the finding, Hold says the gang has “amassed over 4.5 billion records, mostly consisting of stolen credentials. 1.2 billion of these credentials appear to be unique, belonging to over half a billion e-mail addresses. To get such an impressive number of credentials, the CyberVors robbed over 420,000 web and FTP sites.”
The research goes on to show that the gang started amassing its massive collection of information by purchasing databases from other active hacking groups via online black markets. That method of collection has added not only to the volume of records, but also to their diversity. From there, the group took a more active approach, using the information it had already gathered to identify vulnerabilities in websites and services and then using SQL injection to gain access to username and password sets. Hold says that there was no differentiation between small and large targets, and that hundreds of thousands of sites have been compromised.
Highly trained international hackers have increasingly become a concern for industrial and commercial targets. While the threat of password compromise, as in this particular breach, is more acutely felt by end users, stolen data caches like those in the possession of CyberVor could give access to corporate emails or databases and potentially result in the loss of trade secrets or intellectual property.
Hold recommends that, following this revelation, corporations check their systems for vulnerabilities, especially those related to SQL injection. The company warns that if information was previously compromised due to vulnerabilities in the database systems, it is only a matter of time before it occurs again.
Hold’s cybersecurity research independently exposed data breaches at Adobe and Target in 2013, and the company’s ongoing research efforts target active cybersecurity threats for both organizations and individuals.
The company is offering 60 days of free identity monitoring as a result of the breach. Interested parties can check the company’s website, www.holdsecurity.com, for more information.