(INTERNATIONAL) — In what may be the biggest security breach ever, a Russian gang of computer hackers has obtained a huge cache of some 1.2 billion stolen user names and passwords, according to computer security experts.
That in turn exposes vulnerabilities in some 400,000 websites.
The report on Tuesday in the New York Times says the breach was discovered by Hold Security, a Milwaukee-based company.
The data breach is reported to include confidential material gathered from 420,000 websites, including household names and small Internet sites.
Hold Security has a history of uncovering significant hacks, including the theft last year of tens of millions of records from Adobe Systems, said the report, which noted that the company would not name the victims, citing nondisclosure agreements and a reluctance to name companies whose sites remained vulnerable.
The New York Times had a security expert not affiliated with Hold Security analyze the database of stolen credentials, and that expert confirmed it was authentic.
"Another computer crime expert who had reviewed the data, but was not allowed to discuss it publicly, said some big companies were aware that their records were among the stolen information," said the Times report.
Some items from the story:
~ The breach also includes 542 million email addresses “culled by the crew of twentysomethings based in a small south central Russian city.”
~ Hackers didn’t just target U.S. companies; they targeted any website they could get, ranging from Fortune 500 companies to very small websites, and most of those sites are still vulnerable.
~ The gang does not appear to be working for the Russian government and as far as is known the gang has not sold the information. Instead, the gang has been paid by third-party groups to use their cache of online information to send spam on social media.
~ The Russian government rarely pursues hackers, meaning the gang can likely continue operating unimpeded, according to The Times.