Russian crime ring amasses over a Billion credentials

Pierluigi Paganini August 06, 2014

Experts at the firm Hold Security discovered a Russian group of hackers that collected 1.2B stolen credentials obtained in different data breaches worldwide.

Experts at Hold Security revealed that they have discovered the biggest database of stolen user names, passwords and email addresses. The news was reported by The New York Times, which hired an independent security expert who verified the authenticity of the stolen data.

The U.S.-based Internet security company discovered the amazing amount of data, nearly 1.2 billion credentials and half a billion email addresses, which is considered the single biggest amount of stolen Internet identity information ever collected. The experts believe that the data was collected from the numerous data breaches that occurred all over the world in the last months and that hit around 420,000 websites.

By July, criminals were able to collect 4.5 billion credentials. Hold Security discovered many duplications in the archive, but it found that 1.2 billion of those records were unique and that the archive included about 542 million unique email addresses. This is normal if we consider the bad habit of reusing the same credentials for different web services.

Hold Security hasn’t provided any information on the allegedly breached websites, but according to Alex Holden, the company’s founder and chief information security officer, the list of compromised websites is long and includes enterprises and small firms.

“Hold Security would not name the victims, citing nondisclosure agreements and a reluctance to name companies whose sites remained vulnerable. At the request of The New York Times, a security expert not affiliated with Hold Security analyzed the database of stolen credentials and confirmed it was authentic,” reported The New York Times.

Hold Security specializes in the investigation of online data breaches on behalf of its customers. It has uncovered some major hacks in the past, including the Adobe Systems breach, which caused the theft of 153 million credentials.

The bad actors who collected the amazing amount of data appear to be based in south central Russia, according to Holden. The expert also added that the cyber criminals do not seem to be connected to any government.

“The hacking ring is based in a small city in south central Russia, the region flanked by Kazakhstan and Mongolia. The group includes fewer than a dozen men in their 20s who know one another personally — not just virtually. Their computer servers are thought to be in Russia.” reports the New York post.

“There is a division of labor within the gang,” “Some are writing the programming, some are stealing the data. It’s like you would imagine a small company; everyone is trying to make a living.”

“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” “And most of these sites are still vulnerable.” said Alex Holden, confirming that many of the targeted websites are still vulnerable.

Law enforcement agencies and private companies are worried by cybercrime’s increased interest in personal information, which is considered a precious commodity in the underground market. Recently, numerous data breaches have involved millions of users. Examples include the retail giant Target (40 million credit card numbers and 70 million addresses) and an identity theft service in Vietnam that managed to obtain as many as 200 million personal records, including Social Security numbers, credit card data and bank account information, from Court Ventures.




It is interesting to note that the amazing repository also includes Russian websites. This circumstance confirms that there is no connection between the hackers and the Russian government, as speculated in the past by many security experts.

This news once again spotlights the importance of authentication processes and users’ awareness of cyber threats. It is crucial to educate people to carefully protect their digital identity with the adoption of best practices.

Usernames and passwords are not enough to protect us.

Pierluigi Paganini

(Security Affairs –  credentials, data breach)  
