Aug 5 A cybersecurity firm said it has uncovered
about 1.2 billion Internet logins and passwords and more than
500 million email addresses amassed by a Russian crime ring, the
largest known collection of such stolen data, the New York Times
reported on Tuesday.
Hold Security of Milwaukee, Wisconsin, which discovered the
credentials, said they were stolen from some 420,000 websites,
according to the report.
Hold Security declined to identify the sites that were
breached, citing nondisclosure agreements and concerns that they
remained vulnerable to attack, the paper reported on its
"Hackers did not just target U.S. companies, they targeted
any website they could get, ranging from Fortune 500 companies
to very small websites. And most of these sites are still
vulnerable," the New York Times quoted Alex Holden, the founder
of Hold Security, as saying.
Reuters could not independently confirm the details of the
Dmitri Alperovitch, chief technology officer of the
cybersecurity firm CrowdStrike told Reuters that the stolen
passwords could be used to access other accounts beyond the ones
on sites that were breached because people commonly use the same
passwords for multiple sites.
"A compromise like this could mushroom," said Alperovitch.
Hold Security in February said it had uncovered stolen
credentials from some 360 million accounts that were available
for sale on cyber black markets. (reut.rs/1frS989)
(Reporting by Jim Finkle in Las Vegas; Editing by Grant McCool)