Cyber crime
Indian government setting up war room to tackle cyber terror activities, Picture: Representational ImageReuters

A Russian crime ring has hacked 1.2 billion usernames and passwords from over 500 million email addresses security researchers have said in a revelation that unravels the largest cyber crime in the world.

Hold Security, a US firm specialising in discovering breaches, has said the stolen information came from over 420,000 websites, describing the theft as the "largest data breach known to date."

"After more than seven months of research, Hold Security identified a Russian cyber gang, which is currently in possession of the largest cache of stolen data. While the gang did not have a name, we dubbed it 'CyberVor' ('vor' meaning 'thief' in Russian)," the US firm said in a report.

While stating that the cyber theft affected many leaders in almost all industries across the world, Hold Security did not give details of the companies affected by the massive hacking.
"They didn't just target large companies; instead, they targeted every site that their victims visited," Hold Security's statement read.

"With hundreds of thousands of sites affected, the list includes many leaders in virtually all industries across the world, as well as a multitude of small or even personal websites."

The New York Times, which was the first to report the story, said a "security expert not affiliated with Hold Security analyzed the database of stolen credentials and confirmed it was authentic."

The paper added that another computer crime expert who had reviewed the data, but not allowed to discuss it publicly, said that "some big companies were aware that their records were among the stolen information."

Hold Security, which has previously exposed hacks on Adobe and Target, said the gang initially acquired databases of stolen credentials from fellow hackers on the black markets.

"These databases were used to attack email providers, social media, and other websites to distribute spam to victims and install malicious redirections on legitimate systems," the firm said. 

The hackers, earlier this year, also got access to data from 'botnet networks' (a large group of virus-infected computers controlled by one criminal system). The botnet networks helped the hacking ring identify more than 400,000 websites that were vulnerable to cyber attacks.

"The CyberVors used these vulnerabilities to steal data from these sites' databases," the firm said adding: "To the best of our knowledge, they mostly focused on stealing credentials, eventually ending up with the largest cache of stolen personal information, totalling over 12 billion unique sets of emails and passwords."