Connect with us

Hi, what are you looking for?



Russian Hackers Obtained 1.2 Billion Passwords: Report

Password Lists

Password Lists

A Russian hacker group has obtained an estimated 1.2 billion unique Internet credentials collected from various websites around world, security and risk management firm Hold Security, LLC reported on Tuesday.

According to the security firm, the user names and passwords were stolen from roughly 420,000 websites of all different sizes. The hackers also gained access to more than 500 million email addresses.

Overall, they say the cyber gang amassed over 4.5 billion records, of which the 1.2 billlion mentioned were unique credentials.

How they did it

According to the company, the hackers originally acquired databases of stolen credentials from other cybercriminals on the black market, which were used to attack e-mail providers, social media, and other websites to distribute spam to victims and install malicious redirections on legitimate systems. 

Later, however, the security firm said the hackers, dubbed the “CyberVor” gang by Hold Security, changed their approach to leverage botnets in order to conduct their attacks.

“These botnets used victims’ systems to identify SQL vulnerabilities on the sites they visited, the blog post explained. “The botnet conducted possibly the largest security audit ever. Over 400,000 sites were identified to be potentially vulnerable to SQL injection flaws alone”

The attackers used the vulnerabilities to steal data from these sites’ databases, eventually ending up with the largest cache of stolen personal information ever found, they said.

Advertisement. Scroll to continue reading.

Alex Holden, founder and chief information security officer of Hold Security, told SecurityWeek that his firm is not going to be publishing the full report in order to protect the privacy of the victims.

News of the discoverey was first reported by Nicole Perlroth and David Gelles of the New York Times

“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” Holden told the Times.

Most of the sites that the hackers pillaged are still vulnerable, Holden said. The Times said the group is based in a small city in south central Russia and includes fewer than a dozen men in their 20s “who know one another personally — not just virtually.”

“This issue reminds me of an iceberg, where 90 percent of it is actually underwater,” John Prisco, CEO of Triumfant, told SecurityWeek in an emailed statement. “That’s what is going on here with the news of 1.2 billion credentials exposed. So many cyber breaches today are not actually reported, often times because companies are losing information and they are not even aware of it.”

“Today, we have learned of a huge issue where it seems like billion passwords were stolen overnight, but in reality the iceberg has been mostly submerged for years – crime rings have been stealing information for years, they’ve just been doing it undetected because there hasn’t been a concerted effort on the part of companies entrusted with this information to protect it,” Prisco continued.

An Urgent Call for Two-factor Authentication

Eric Cowperthwaite, vice president, advanced security & strategy at Core Security, explained that this is another example of the pressing need for users and companies to leverage two-factor authentication.

“Companies need to transition to two-factor authentication,” Cowperthwaite said. “Companies such as Facebook and Twitter have finally started offering two-factor authentication, but the bottom line is that most users aren’t taking advantage of it.”

“Banks, as a standard practice, should absolutely be using two-factor authentication,” Cowperthwaite added. “They have a certain amount of loss from fraud built into their operating model – they just accept that it will happen. This acceptance is a shame since there are many simple ways to reduce those costs significantly.”

Holden told the Times that his team has started to alert victimized companies of breaches, but had been unable to reach every website. He also said that Hold Security was working to develop an online tool that enables users to test and see if their personal information is in the database.

“Russian cyber gangs are known for breaking in to steal whatever they can as quickly as possible,” said Joshua Roback, Security Architect, SilverSky. “We should expect to see these accounts for sale on underground forums before the week is through.”

“Understanding why passwords are so valuable to hackers can both explain and prepare enterprises to deal with potential security vulnerabilities,” SecurityWeek columnist Gil Zimmermann noted in a December 2013 column. “There are potentially hundreds of uses for stolen passwords once they are obtained.”

While not close to the scope of this recently disclosed discover, Germany’s Federal Office for Online Security (BSI) warned Internet users in January that cybercriminals had obtained a list of 16 million email addresses and passwords.

Related: Hackers Just Made Off with Two Million Passwords, Now What?


Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Professional services company Slalom has appointed Christopher Burger as its first CISO.

Allied Universal announced that Deanna Steele has joined the company as CIO for North America.

Former DoD CISO Jack Wilmer has been named CEO of defensive and offensive cyber solutions provider SIXGEN.

More People On The Move

Expert Insights

Related Content


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.