2014 Russian hacker password theft


The 2014 Russian hacker password theft is an alleged hacking incident resulting in the possible theft of over 1.2 billion internet credentials, including usernames and passwords, with hundreds of millions of corresponding e-mail addresses. [1] The data breach was first reported by The New York Times after being allegedly discovered and reported by Milwaukee-based information security company, Hold Security. [2] [3]


420,000 websites are reported to be affected. [4] According to The New York Times, some large companies knew that their users' credentials were among those stolen. [3] Hold Security did not disclose which sites were compromised but instead offered two separate services, one for website owners and one for consumers, to check whether they were affected. [4] The service for website owners costs $10 a month. [5] The check for consumers is free. [6]

Hold Security described the group responsible for the hack as a small group of "fewer than a dozen men in their 20s ... based in a small city in south central Russia, the region flanked by Kazakhstan and Mongolia", and dubbed the group CyberVor (Russian, lit. "cyber thief"). Hold claimed the hack was perpetrated through the use of SQL injection. [7] [8] According to a Forbes article, Hold Security says that not all of the 1.2 billion credentials were stolen this way; some were simply bought by CyberVor from people who had obtained them by other means, and Hold Security does not know what the split is. [9]

Criticism of Hold Security

Forbes columnist Kashmir Hill noted "The Internet predictably panicked as the story of yet another massive password breach went viral." and "[T]his is a pretty direct link between a panic and a pay-out for a security firm." [5] Hold Security's website offers a service that lets people check whether their username and password pair has been stolen. It requires people to send Hold Security encrypted versions of their passwords. [4]
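The consumer check described above asked users to submit encrypted versions of their passwords. A breach-check service can be built so that the operator never receives anything it could reverse: the client hashes the password locally, sends only a short hash prefix, and compares the returned suffixes on its own machine, so the operator learns only which of roughly a million buckets the password falls into. The following Python is an added example written for this article; it is not Hold Security's code and does not describe how its service actually worked. The sample leaked passwords, the 5-character prefix length and the function names are assumptions made for the example.

```python
import hashlib
from typing import List, Set

# Constructed sample corpus for this example: the checking service stores only
# SHA-1 digests of previously leaked passwords, never plaintext. These strings
# are made up here; they are not taken from any real breach dump.
LEAKED_PASSWORDS_SAMPLE = ["password123", "qwerty", "letmein", "sunshine"]
_LEAKED_DIGESTS: Set[str] = {
    hashlib.sha1(p.encode("utf-8")).hexdigest().upper()
    for p in LEAKED_PASSWORDS_SAMPLE
}

# Number of leading hex characters the client reveals (5 hex chars = 20 bits).
# Assumed value for this example.
PREFIX_LEN = 5

# Everything the "server" learns from clients is appended here, so the caller
# can confirm that no full digest (and no password) ever crossed the boundary.
SERVER_OBSERVED: List[str] = []


def server_lookup(prefix: str) -> List[str]:
    """Service side: return the suffixes of all stored digests sharing `prefix`.

    The server cannot tell which of the returned suffixes (if any) the client
    actually holds, so a query only narrows the password to a 2^-20 bucket.
    """
    if len(prefix) != PREFIX_LEN or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be %d uppercase hex characters" % PREFIX_LEN)
    SERVER_OBSERVED.append(prefix)
    return sorted(d[PREFIX_LEN:] for d in _LEAKED_DIGESTS if d.startswith(prefix))


def client_check(password: str) -> bool:
    """Client side: hash locally, send only the prefix, match the suffix locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    return suffix in server_lookup(prefix)


def server_saw_full_hash_or_password() -> bool:
    """True if anything longer than a bare prefix reached the service."""
    return any(len(item) != PREFIX_LEN for item in SERVER_OBSERVED)


if __name__ == "__main__":
    for candidate in ["password123", "correct horse battery staple"]:
        print("%-32s leaked=%s" % (candidate, client_check(candidate)))
    print("server saw full hash or password:", server_saw_full_hash_or_password())
```

Submitting a full unsalted hash instead would let the operator, or anyone who intercepts the request, run a wordlist against it, which is exactly what a large breach corpus is good at; with the prefix query the operator sees only the 20-bit prefix and never enough to identify the password on its own.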

Skepticism

No named independent sources came forward to confirm the breach, [5] and Forbes columnist Joseph Steinberg even expressed outright skepticism about many of the "facts" claimed about the breach, raising questions about the trustworthiness of the reports of the breach altogether. [4]


References

  1. "Russia gang hacks 1.2 billion usernames and passwords". BBC News. August 6, 2014. Archived from the original on September 28, 2018. Retrieved June 21, 2018.
  2. Sullivan, Gail (August 6, 2014). "Russian hackers steal more than 1 billion passwords. Security firm seizes opportunity". The Washington Post. Archived from the original on August 7, 2014. Retrieved August 6, 2014.
  3. Perlroth, Nicole (August 5, 2014). "Russian Gang Amasses Over a Billion Internet Passwords". The New York Times. Archived from the original on August 5, 2014. Retrieved August 6, 2014.
  4. Steinberg, Joseph (August 7, 2014). "Why I Am Skeptical About 1.2-Billion Passwords Being Stolen". Forbes. Archived from the original on August 11, 2014. Retrieved August 7, 2014.
  5. Hill, Kashmir (August 5, 2014). "Firm That Exposed Breach Of 'Billion Passwords' Quickly Offered $120 Service To Find Out If You're Affected". Forbes. Archived from the original on August 8, 2014. Retrieved August 7, 2014.
  6. "CyberVor Breach FAQ". Hold Security. August 12, 2014. Archived from the original on August 19, 2014. Retrieved August 18, 2014.
  7. Marks, Joseph (August 5, 2014). "Russian hacking gang steals more than 1 billion usernames and passwords". Politico. Archived from the original on August 8, 2014. Retrieved August 6, 2014.
  8. "Russian hackers 'stole 1.2 billion passwords'". Al Jazeera. August 7, 2014. Archived from the original on February 9, 2022. Retrieved February 9, 2022.
  9. Brewster, Thomas (August 12, 2014). "The Man Who Found 1.2 Billion Stolen Passwords: Negative Publicity Harming My Business". Forbes. Archived from the original on August 16, 2014. Retrieved August 18, 2014.