FBI is hunting MrGrey who has stolen 1.2 BILLION login credentials

Pierluigi Paganini November 26, 2015

The FBI is convinced that there is a single hacker behind the theft of login credentials for over 1.2 Billion online accounts, his name is MrGrey.

According to a report published by the Reuters, the FBI is convinced that there is a single hacker behind the theft of login credentials for over 1.2 Billion online accounts, his name is MrGrey.

If confirmed, it could be the biggest heist of log-in credentials the FBI has investigated. My readers surely remember the case, last year the security firm Hold Security reported the amazing theft of the login credentials.

In August 2014, experts at Hold Security revealed to have discovered the biggest database of stolen user names and passwords and email addresses, the news is reported by The New York Times that hired an independent security expert who verified the authenticity of stolen data.

The security firm has discovered the amazing amount of data, nearly 1.2Billion credentials and half a billion email addresses, that is considered the single biggest amount of stolen Internet identity information ever collected. The experts believe that the data was collected by the Russian hacking group CyberVor from the numerous data breaches occurred all over the world in the last months and that hit around 420,000 websites vulnerable to SQL injection attacks.

fbi searching for MrGrey

The CyberVor hacking crew used botnets to search and hack vulnerable websites.

“To the best of our knowledge, [CyberVor] mostly focused on stealing credentials, eventually ending up with the largest cache of stolen personal [data], totalling over 1.2 Billion unique sets of emails and passwords,” Hold Security said in August last year.

By July 2014, criminals were able to collect 4.5 billion credentials, Hold Security discovered many duplications in the archive but anyway, it found that 1.2 billion of those records were unique and the archive included about 542 million unique email addresses. This is normal if we consider the bad habit to reuse same credentials for different web services.

Hold Security didn’t provide any information on the alleged breached websites, but according to Alex Holden, the company’s founder and chief information security officer, the list of compromised websites is long and include enterprises and small firms.

“Hold Security would not name the victims, citing nondisclosure agreements and a reluctance to name companies whose sites remained vulnerable. At the request of The New York Times, a security expert not affiliated with Hold Security analyzed the database of stolen credentials and confirmed it was authentic” reported The New York Times.

The Reuters has visioned court documents provided by the law enforcement to support its search warrant request in 2014.

“That hacker, known as “mr.grey,” was identified based on data from a cybersecurity firm that announced in August 2014 that it had determined an alleged Russian crime ring was responsible for stealing information from more than 420,000 websites, the documents said. The papers, made public last week by a federal court in Milwaukee, Wisconsin, provide a window into the Federal Bureau of Investigation’s probe of what would amount to the largest collection of stolen usernames and passwords.” states the Reuters.

The FBI associated MrGrey with the largest heist after discovering his Russian email address in spammer tools and posts on a Russian hacking forum offering to get user login credentials of Twitter, Facebook and Russian social network VK.

“The FBI also discovered an email address registered in 2010 contained in the spam utilities for a “mistergrey,” documents show. A search of Russian hacking forums by the FBI found posts by a “mr.grey,” who in November 2011 wrote that if anyone wanted account information for users of Facebook, Twitter and Russian-based social network VK, he could locate the records.” continues the Reuters

This circumstance leads Alex Holden from Hold Security to believe MrGrey likely operated or had access to the database containing the huge quantity of login credentials.

At the time I’m writing there is not news on how Mr.Grey obtained all the login credentials neither if this name is used by a single hacker or a hacking crew.

Pierluigi Paganini

(Security Affairs – MrGrey, security)

you might also like

leave a comment