August 6th 2014
It is believed that 1.2 billion usernames and passwords belonging to more than 500 million email addresses of users across the world have been hacked by a Russian gang in what an internet security specialist describes as the largest data breach known to date.
The data allegedly came from 420,000 websites including "many leaders in virutally all industries across the world", according to US-based Hold Security. The company has not revealed which companies were hacked. It was not just large companies who were affected, but every site – large or small – that their victims visited.
The breach was first reported by the New York Times, who had another, independent security expert analyse the database of stolen credentials to confirm its authenticity. Another US newspaper, the Wall Street Journal, understands that Hold Security will offer website owners the ability to check whether they have been affected, on payment of a fee.
The Russian hackers are said to have acquired the data in two ways. Initially, they purchased databases of stolen credentials from other hackers, the information then being used to attack email providers, social media and other websites to distribute spam and intall malware on victims' systems. They also used botnets to identify more than 400,000 vulnerable websites.