After the large database hacking last year in December (Target,) now it is said in a report by Hold Security Firm that Russian Hackers has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses, security researchers say.
Records which have been identified as hacked contains confidential material gathered from 420,000 websites, including household names, and small Internet sites.
Hold Security is that Firm which has previously revealed the theft of tens of millions of records from Adobe Systems.
If you are thinking of the sites which are hacked and about the data, so that was not disclosed, citing nondisclosure agreements and a reluctance to name companies whose sites remained vulnerable.
Security researchers not related to Hold Security have examined the data and approved it as authentic. Another computer crime expert who had reviewed the data, but was not allowed to discuss it publicly, said some big companies were aware that their records were among the stolen information.
“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” said Alex Holden, the founder and chief information security officer of Hold Security. “And most of these sites are still vulnerable.”
How data is being Stolen?
This group is using Botnet to harm a machine and then the botnet infects other machine in the network locally or remotely, like one of your friend’s machine is infected with botnet, so the infected machine will try to send a malacious email to the contatcs of the mail.
Once, the machine is infected, the machine used to infect other machines, and along with this monitor each and every website visited by the compromised host’s user, probing for vulnerabilities to SQL injection attacks. Vulnerable sites were then plundered for any data they could be tricked into leaking, which was added to the gang’s epic cache.
SQL Injection Attacks:
This is a technique that used to compromise the database of a website, as the database is not allowed for access to a user, but can be accessed by a website itself. Hackers use various mind techniques to compromise a website with a SQL Injection to steal various confidential info like: username, passwords, credit card details and every personal info that you filed on the compromised website.
The researchers who uncovered the cache of data have described the technique as “possibly the largest security audit ever“.
Hold dubbed the Attackers team as ‘CyberVors,’ which is mainly spamming one system to another for juicy information, but later the login information could be used for Account Hijacking, so beware of any malicious mail and don’t even open any spam mail, until you know that is not SPAM.
How to protect yourself:
- Always use a strong password
- Make a Habit to change the password after a specific gap of days
- Use Two-Factor Authentication for your accounts
- Always check for any suspicious transaction from your credit or debit cards or online banking
- Use unique password for each website