View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Hackers make off with the biggest cache of data ever stolen

Russian "CyberVor" gang bought details off black market and used botnets.

By Jimmy Nicholls

A Russian gang has collected what may be the largest archive of login details in existence, according to Hold Security.

4.5 billion records are thought to have been pooled by the gang, dubbed CyberVor by the security firm, of which 1.2 billion are thought to be unique.

Hold said: "The CyberVors did not differentiate between small or large sites. They didn’t just target large companies; instead, they targeted every site that their victims visited.

"With hundreds of thousands sites affected, the list includes many leaders in virtually all industries across the world, as well as a multitude of small or even personal websites."

The hackers are thought to have used a number of methods to collate the credentials, initially buying it directly off the black market and later harvesting it themselves through botnets exploiting SQL vulnerabilities to target more than 400,000 websites.

"If we narrow it down by unique e-mail addresses, we still have over half a billion records since there may be multiple password corresponding to a single e-mail address," Hold said.

Not all credentials are thought to be valid or active, and the firm speculated that some of the email addresses collected were fake.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

James Mullock, partner at law firm Osborne Clarke, said: "An interesting feature of the attack having been uncovered by an independent security firm is the unstructured process by which news of which businesses have been hacked reaches those organisations.

"There is currently little legislative guidance regulating how that process should operate and it appears ripe for review."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.