In total, 1.2 billion username and password combinations have been stolen, in addition to 500 million email addresses.
Hold Security founder Alex Holden says the data was stolen from 42,000 sites across the Web, with no specific agenda. "Hackers did not just target US companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites," Holden noted. "And most of these sites are still vulnerable."
If accurate, the thefts would make last year's Target security breach look like child's play, where about 60 million credit and debit card numbers were stolen over the course of a few months.
Holden says the Russian outfit is about a dozen young hackers who first bought stolen data off underground markets and then began working with another group to aim bigger. "There is a division of labor within the gang," Holden added. "Some are writing the programming, some are stealing the data. It's like you would imagine a small company; everyone is trying to make a living."
Source:
NYT
Written by: Andre Yoskowitz @ 5 Aug 2014 20:34