Milwaukee – An organized crime syndicate based in Russia has reportedly obtained 1.2 billion passwords and 500 million email addresses from consumers across the globe. According to a report from security research firm Hold Security, the user information has been stolen from 420,000 Internet sites.
Sites range in all sizes and include sites for small businesses and individuals as well as major global companies. Hold Security would not identify any specific companies or industries that were targeted.
“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” Alex Holden, the founder and chief information security officer of Hold Security, said in a New York Times report. “And most of these sites are still vulnerable.”
The hacker ring, based in south central Russia and consisting of roughly a dozen men in their 20s, used botnets to infect computers with a virus that allowed them to extract login information. In total, the thieves obtained about 4.5 billion individual records, although overlap of information meant they obtained 1.2 billion passwords and 542 million email addresses.
So far, the hackers mainly seem to be using the stolen information to send targeted spam on social media sites. However, the data could also be sold on the black market and/or used for identity theft.