A Russian crime ring has stolen login data from 1.2 billion Internet users, the largest known collection of such compromised data. The hackers targeted websites of tech companies around the world, both large and small.
A cybersecurity firm has uncovered the largest known collection of stolen computer data - some 1.2 billion Internet user name and password combinations and more than 500 million email addresses, the New York Times reported Tuesday.
Hold Security of Milwaukee, Wisconsin, which made the discovery, said the data was amassed by a crime ring based in south central Russia that include less than a dozen men in their twenties, according to the report.
At least for now, the hackers have apparently refrained from selling much of the data. Instead they have used it to spam Internet users on social networks like Twitter for malicious clients, whom they charge a fee.
Hold Security refused to disclose the names of the 420,000 websites affected by the breach, saying only that it included both large tech companies and smaller, lesser known ones.
The hackers targeted companies around the world. Some of their victims were Russian, precluding any suspicion that the Russian government could have been involved in the attack, the newspaper reported.
"Hackers did not just target US companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites," the New York Times quoted Alex Holden, the founder of Hold Security, as saying.
Analysts have noted that many Internet users have the same password for multiple websites, making them more vulnerable because only one account needs to be compromised for their data to be stolen.
cjc/uhe (Reuters, dpa)