2014 Russian hacker password theft

Last updated

The 2014 Russian hacker password theft was an alleged hacking incident resulting in the possible theft of over 1.2 billion internet credentials, including usernames and passwords, with hundreds of millions of corresponding e-mail addresses. [1] The data breach was first reported by The New York Times after being allegedly discovered and reported by Milwaukee-based information security company, Hold Security. [2] [3]

Contents

420,000 websites were reported to be affected. [4] According to The New York Times, some big companies knew that their user's credentials were among the stolen. [3] Hold Security did not disclose which sites were compromised, but instead offered two separate services, one for website owners and one for consumers to check if they were affected. [4] The service for website owners costed $10 a month. [5] The check for consumers were free. [6]

Hold Security described the group responsible for the hack as a small group of "fewer than a dozen men in their 20s ... based in a small city in south central Russia, the region flanked by Kazakhstan and Mongolia", and dubbed the group CyberVor (Russian, lit. "cyber thief"). Hold claimed the hack was perpetrated through the use of an SQL injection. [7] [8] According to a Forbes article, Hold Security said that not all the 1.2 billion credentials were stolen this way, as there were also ones that CyberVor simply bought from people that used other means, and Hold Security didn't know what the split is. [9]

Criticism of Hold Security

Forbes columnist Kashmir Hill noted "The Internet predictably panicked as the story of yet another massive password breach went viral." and "[T]his is a pretty direct link between a panic and a pay-out for a security firm." [5] Hold Security's website had a service offering people to check if their username and password pair had been stolen. It required people to send Hold Security encrypted versions of their passwords. [4]

Skepticism

No named independent sources came forward to confirm the breach, [5] and Forbes columnist, Joseph Steinberg, even expressed outright skepticism about many of the "facts" claimed about the breach, raising questions about the trustworthiness of the reports of the breach altogether. [4]

Related Research Articles

<span class="mw-page-title-main">Phishing</span> Form of social engineering

Phishing is a form of social engineering and a scam where attackers deceive people into revealing sensitive information or installing malware such as viruses, worms, adware, or ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim navigates the site, and transverses any additional security boundaries with the victim. As of 2020, it is the most common type of cybercrime, with the FBI's Internet Crime Complaint Center reporting more incidents of phishing than any other type of cybercrime.

In cryptanalysis and computer security, password cracking is the process of guessing passwords protecting a computer system. A common approach is to repeatedly try guesses for the password and to check them against an available cryptographic hash of the password. Another type of approach is password spraying, which is often automated and occurs slowly over time in order to remain undetected, using a list of common passwords.

<span class="mw-page-title-main">SQL injection</span> Computer hacking technique

In computing, SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

<span class="mw-page-title-main">Timeline of Internet conflicts</span>

The Internet has a long history of turbulent relations, major maliciously designed disruptions, and other conflicts. This is a list of known and documented Internet, Usenet, virtual community and World Wide Web related conflicts, and of conflicts that touch on both offline and online worlds with possibly wider reaching implications.

A data breach, also known as data leakage, is "the unauthorized exposure, disclosure, or loss of personal information".

Teamp0ison was a computer security research group consisting of 3 to 5 core members. The group gained notoriety in 2011/2012 for its blackhat hacking activities, which included attacks on the United Nations, NASA, NATO, Facebook, Minecraft Pocket Edition Forums, and several other large corporations and government entities. TeaMp0isoN disbanded in 2012 following the arrests of some of its core members, "TriCk", and "MLT".

The 2012 LinkedIn hack refers to the computer hacking of LinkedIn on June 5, 2012. Passwords for nearly 6.5 million user accounts were stolen. Yevgeniy Nikulin was convicted of the crime and sentenced to 88 months in prison.

In July 2012, Yahoo Voice, a user-generated content platform owned by Yahoo, suffered a major data breach. On July 11, 2012, a hacking group calling itself "D33DS Company" posted a file online containing approximately 450,000 login credentials and passwords from Yahoo Voice users. The data was obtained through a SQL injection attack that exploited vulnerabilities in Yahoo's database servers.

<span class="mw-page-title-main">NullCrew</span>

NullCrew was a hacktivist group founded in 2012 that took responsibility for multiple high-profile computer attacks against corporations, educational institutions, and government agencies.

Fancy Bear is a Russian cyber espionage group. Cybersecurity firm CrowdStrike has said with a medium level of confidence that it is associated with the Russian military intelligence agency GRU. The UK's Foreign and Commonwealth Office as well as security firms SecureWorks, ThreatConnect, and Mandiant, have also said the group is sponsored by the Russian government. In 2018, an indictment by the United States Special Counsel identified Fancy Bear as GRU Unit 26165. This refers to its unified Military Unit Number of the Russian army regiments. The headquarters of Fancy Bear and the entire military unit, which reportedly specializes in state-sponsored cyberattacks and decryption of hacked data, were targeted by Ukrainian drones on July 24, 2023, the rooftop on an adjacent building collapsed as a result of the explosion.

<span class="mw-page-title-main">Have I Been Pwned?</span> Consumer security website and email alert system

Have I Been Pwned? is a website that allows Internet users to check whether their personal data has been compromised by data breaches. The service collects and analyzes hundreds of database dumps and pastes containing information about billions of leaked accounts, and allows users to search for their own information by entering their username or email address. Users can also sign up to be notified if their email address appears in future dumps. The site has been widely touted as a valuable resource for Internet users wishing to protect their own security and privacy. Have I Been Pwned? was created by security expert Troy Hunt on 4 December 2013.

Alex Holden is the owner of Hold Security, a computer security firm. As of 2015, the firm employs 16 people.

Credential stuffing is a type of cyberattack in which the attacker collects stolen account credentials, typically consisting of lists of usernames or email addresses and the corresponding passwords, and then uses the credentials to gain unauthorized access to user accounts on other systems through large-scale automated login requests directed against a web application. Unlike credential cracking, credential stuffing attacks do not attempt to use brute force or guess any passwords – the attacker simply automates the logins for a large number of previously discovered credential pairs using standard web automation tools such as Selenium, cURL, PhantomJS or tools designed specifically for these types of attacks, such as Sentry MBA, SNIPR, STORM, Blackbullet and Openbullet.

In 2013 and 2014, the American web services company Yahoo was subjected to two of the largest data breaches on record. Although Yahoo was aware, neither breach was revealed publicly until September 2016.

ShinyHunters is a black-hat criminal hacker group that is believed to have formed in 2020 and is said to have been involved in numerous data breaches. The stolen information is often sold on the dark web.

Jerico Pictures, Inc., doing business as National Public Data, is a data broker company that performs employee background checks. Their primary service is collecting information from public data sources, including criminal records, addresses, and employment history, and offering that information for sale.

References

  1. "Russia gang hacks 1.2 billion usernames and passwords". BBC News. August 6, 2014. Archived from the original on September 28, 2018. Retrieved June 21, 2018.
  2. Sullivan, Gail (August 6, 2014). "Russian hackers steal more than 1 billion passwords. Security firm seizes opportunity". The Washington Post . Archived from the original on August 7, 2014. Retrieved August 6, 2014.
  3. 1 2 Perlroth, Nicole (August 5, 2014). "Russian Gang Amasses Over a Billion Internet Passwords". The New York Times. Archived from the original on August 5, 2014. Retrieved August 6, 2014.
  4. 1 2 3 4 Joseph Steinberg (August 7, 2014). "Why I Am Skeptical About 1.2-Billion Passwords Being Stolen". Forbes. Archived from the original on August 11, 2014. Retrieved August 7, 2014.
  5. 1 2 3 Hill, Kashmir (August 5, 2014). "Firm That Exposed Breach Of 'Billion Passwords' Quickly Offered $120 Service To Find Out If You're Affected". Forbes. Archived from the original on August 8, 2014. Retrieved August 7, 2014.
  6. "CyberVor Breach FAQ". Hold Security. August 12, 2014. Archived from the original on August 19, 2014. Retrieved August 18, 2014.
  7. Marks, Joseph (August 5, 2014). "Russian hacking gang steals more than 1 billion usernames and passwords". Politico . Archived from the original on August 8, 2014. Retrieved August 6, 2014.
  8. "Russian hackers 'stole 1.2 billion passwords'". Al Jazeera . 7 August 2014. Archived from the original on 9 February 2022. Retrieved 9 February 2022.
  9. Thomas, Brewster (August 12, 2014). "The Man Who Found 1.2 Billion Stolen Passwords: Negative Publicity Harming My Business". Forbes. Archived from the original on August 16, 2014. Retrieved August 18, 2014.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.