2014 Russian hacker password theft

Last updated

The 2014 Russian hacker password theft is an alleged hacking incident resulting in the possible theft of over 1.2 billion internet credentials, including usernames and passwords, with hundreds of millions of corresponding e-mail addresses. [1] The data breach was first reported by The New York Times after being allegedly discovered and reported by Milwaukee-based information security company, Hold Security. [2] [3]

Contents

420,000 websites are reported to be affected. [4] According to The New York Times, some big companies knew that their user's credentials are among the stolen. [3] Hold Security did not disclose which sites were compromised, but, instead, offered two separate services, one for website owners and one for consumers to check if they're affected. [4] The service for website owners costs $10 a month. [5] The check for consumers is free. [6]

Hold Security described the group responsible for the hack as a small group of "fewer than a dozen men in their 20s ... based in a small city in south central Russia, the region flanked by Kazakhstan and Mongolia", and dubbed the group CyberVor (Russian, lit. "cyber thief"). Hold claimed the hack was perpetrated through the use of SQL injection. [7] [8] According to a Forbes article, Hold Security says that not all the 1.2 billion credentials were stolen this way, there are also ones that CyberVor simply bought from people that used other means, and Hold Security doesn't know what the split is. [9]

Criticism of Hold Security

Forbes columnist, Kashmir Hill, noted "The Internet predictably panicked as the story of yet another massive password breach went viral." and "[T]his is a pretty direct link between a panic and a pay-out for a security firm." [5] Hold Security's website has a service offering people to check if their username and password pair has been stolen. It requires people to send Hold Security encrypted versions of their passwords. [4]

Skepticism

No named independent sources came forward to confirm the breach, [5] and Forbes columnist, Joseph Steinberg, even expressed outright skepticism about many of the "facts" claimed about the breach, raising questions about the trustworthiness of the reports of the breach altogether. [4]

Related Research Articles

<span class="mw-page-title-main">Adobe Inc.</span> American multinational software company

Adobe Inc., originally called Adobe Systems Incorporated, is an American multinational computer software company incorporated in Delaware and headquartered in San Jose, California. It has historically specialized in software for the creation and publication of a wide range of content, including graphics, photography, illustration, animation, multimedia/video, motion pictures, and print. Its flagship products include Adobe Photoshop image editing software; Adobe Illustrator vector-based illustration software; Adobe Acrobat Reader and the Portable Document Format (PDF); and a host of tools primarily for audio-visual content creation, editing and publishing. Adobe offered a bundled solution of its products named Adobe Creative Suite, which evolved into a subscription software as a service (SaaS) offering named Adobe Creative Cloud. The company also expanded into digital marketing software and in 2021 was considered one of the top global leaders in Customer Experience Management (CXM).

In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system in scrambled form. A common approach is to repeatedly try guesses for the password and to check them against an available cryptographic hash of the password. Another type of approach is password spraying, which is often automated and occurs slowly over time in order to remain undetected, using a list of common passwords.

<span class="mw-page-title-main">SQL injection</span> Computer hacking technique

In computing, SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

<span class="mw-page-title-main">Data breach</span> Intentional or unintentional release of secure information

A data breach is a security violation, in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen, altered or used by an individual unauthorized to do so. Other terms are unintentional information disclosure, data leak, information leakage and data spill. Incidents range from concerted attacks by individuals who hack for personal gain or malice, organized crime, political activists or national governments, to poorly configured system security or careless disposal of used computer equipment or data storage media. Leaked information can range from matters compromising national security, to information on actions which a government or official considers embarrassing and wants to conceal. A deliberate data breach by a person privy to the information, typically for political purposes, is more often described as a "leak".

Teamp0ison was a computer security research group consisting of 3 to 5 core members. The group gained notoriety in 2011/2012 for its blackhat hacking activities, which included attacks on the United Nations, NASA, NATO, Facebook, Minecraft Pocket Edition Forums, and several other large corporations and government entities. TeaMp0isoN disbanded in 2012 following the arrests of some of its core members, "TriCk", and "MLT".

The 2012 LinkedIn hack refers to the computer hacking of LinkedIn on June 5, 2012. Passwords for nearly 6.5 million user accounts were stolen. Yevgeniy Nikulin was convicted of the crime and sentenced to 88 months in prison.

<span class="mw-page-title-main">NullCrew</span>

NullCrew was a hacktivist group founded in 2012 that took responsibility for multiple high-profile computer attacks against corporations, educational institutions, and government agencies.

Fancy Bear is a Russian cyber espionage group. Cybersecurity firm CrowdStrike has said with a medium level of confidence that it is associated with the Russian military intelligence agency GRU. The UK's Foreign and Commonwealth Office as well as security firms SecureWorks, ThreatConnect, and Mandiant, have also said the group is sponsored by the Russian government. In 2018, an indictment by the United States Special Counsel identified Fancy Bear as GRU Unit 26165.

<span class="mw-page-title-main">Have I Been Pwned?</span> Consumer security website and email alert system

Have I Been Pwned? is a website that allows Internet users to check whether their personal data has been compromised by data breaches. The service collects and analyzes hundreds of database dumps and pastes containing information about billions of leaked accounts, and allows users to search for their own information by entering their username or email address. Users can also sign up to be notified if their email address appears in future dumps. The site has been widely touted as a valuable resource for Internet users wishing to protect their own security and privacy. Have I Been Pwned? was created by security expert Troy Hunt on 4 December 2013.

Alex Holden is the owner of Hold Security, a computer security firm. As of 2015, the firm employs 16 people.

Credential stuffing is a type of cyberattack in which the attacker collects stolen account credentials, typically consisting of lists of usernames and/or email addresses and the corresponding passwords, and then uses the credentials to gain unauthorized access to user accounts on other systems through large-scale automated login requests directed against a web application. Unlike credential cracking, credential stuffing attacks do not attempt to use brute force or guess any passwords – the attacker simply automates the logins for a large number of previously discovered credential pairs using standard web automation tools such as Selenium, cURL, PhantomJS or tools designed specifically for these types of attacks, such as Sentry MBA, SNIPR, STORM, Blackbullet and Openbullet.

The Internet service company Yahoo! was subjected to the largest data breach on record. Two major data breaches of user account data to hackers were revealed during the second half of 2016. The first announced breach, reported in September 2016, had occurred sometime in late 2014, and affected over 500 million Yahoo! user accounts. A separate data breach, occurring earlier around August 2013, was reported in December 2016. Initially believed to have affected over 1 billion user accounts, Yahoo! later affirmed in October 2017 that all 3 billion of its user accounts were impacted. Both breaches are considered the largest discovered in the history of the Internet. Specific details of material taken include names, email addresses, telephone numbers, encrypted or unencrypted security questions and answers, dates of birth, and hashed passwords. Further, Yahoo! reported that the late 2014 breach likely used manufactured web cookies to falsify login credentials, allowing hackers to gain access to any account without a password.

Hack Forums is an Internet forum dedicated to discussions related to hacker culture and computer security. The website ranks as the number one website in the "Hacking" category in terms of web-traffic by the analysis company Alexa Internet. The website has been widely reported as facilitating online criminal activity, such as the case of Zachary Shames, who was arrested for selling keylogging software on Hack Forums in 2013 which was used to steal personal information.

Cyber spying on universities is the practice of obtaining secrets and information without the permission and knowledge of the university through its information technology system. Universities in the United Kingdom, including Oxford and Cambridge, have been targets, as have institutions in the US and Australia.

<span class="mw-page-title-main">2020 United States federal government data breach</span> US federal government data breach

In 2020, a major cyberattack suspected to have been committed by a group backed by the Russian government penetrated thousands of organizations globally including multiple parts of the United States federal government, leading to a series of data breaches. The cyberattack and data breach were reported to be among the worst cyber-espionage incidents ever suffered by the U.S., due to the sensitivity and high profile of the targets and the long duration in which the hackers had access. Within days of its discovery, at least 200 organizations around the world had been reported to be affected by the attack, and some of these may also have suffered data breaches. Affected organizations worldwide included NATO, the U.K. government, the European Parliament, Microsoft and others.

ShinyHunters is a criminal black-hat hacker group that is believed to have formed in 2020 and is said to have been involved in numerous data breaches. The stolen information is often sold on the dark web.

References

  1. "Russia gang hacks 1.2 billion usernames and passwords". BBC News. August 6, 2014. Archived from the original on September 28, 2018. Retrieved June 21, 2018.
  2. Sullivan, Gail (August 6, 2014). "Russian hackers steal more than 1 billion passwords. Security firm seizes opportunity". The Washington Post . Archived from the original on August 7, 2014. Retrieved August 6, 2014.
  3. 1 2 Perlroth, Nicole (August 5, 2014). "Russian Gang Amasses Over a Billion Internet Passwords". The New York Times. Archived from the original on August 5, 2014. Retrieved August 6, 2014.
  4. 1 2 3 4 Joseph Steinberg (August 7, 2014). "Why I Am Skeptical About 1.2-Billion Passwords Being Stolen". Forbes. Archived from the original on August 11, 2014. Retrieved August 7, 2014.
  5. 1 2 3 Hill, Kashmir (August 5, 2014). "Firm That Exposed Breach Of 'Billion Passwords' Quickly Offered $120 Service To Find Out If You're Affected". Forbes. Archived from the original on August 8, 2014. Retrieved August 7, 2014.
  6. "CyberVor Breach FAQ". Hold Security. August 12, 2014. Archived from the original on August 19, 2014. Retrieved August 18, 2014.
  7. Marks, Joseph (August 5, 2014). "Russian hacking gang steals more than 1 billion usernames and passwords". Politico . Archived from the original on August 8, 2014. Retrieved August 6, 2014.
  8. "Russian hackers 'stole 1.2 billion passwords'". Al Jazeera . 7 August 2014. Archived from the original on 9 February 2022. Retrieved 9 February 2022.
  9. Thomas, Brewster (August 12, 2014). "The Man Who Found 1.2 Billion Stolen Passwords: Negative Publicity Harming My Business". Forbes. Archived from the original on August 16, 2014. Retrieved August 18, 2014.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.