Hold Security, previously known for its discovery of the Adobe data breach last year, recently announced that a Russian cybercrime group it dubbed "CyberVors" allegedly stole information from 420,000 websites and FTP servers. Describing the hack as the largest data breach known to date, Hold Security believes the group has possession of 4.5 billion records, with 1.2 billion of those credentials being unique.
The company claims CyberVors didn't just target large sites but also the ones their victims visited, increasing the scale of the hack. Hundreds of thousands of sites are supposedly affected, including leaders in many different sectors. Not only market leaders but also small sites, even personal ones, suffered from the attack.
The report issued by Hold Security details the process as follows:
Through the underground black market, the CyberVors got access to data from botnet networks (a large group of virus-infected computers controlled by one criminal system). These botnets used victims’ systems to identify SQL vulnerabilities on the sites they visited. The botnet conducted possibly the largest security audit ever. Over 400,000 sites were identified to be potentially vulnerable to SQL injection flaws alone. The CyberVors used these vulnerabilities to steal data from these sites’ databases.
The hacker group hasn't tried to sell the records online, but it is using the data obtained to send spam across social networks like Twitter.
It must be noted that Hold Security is a commercial company that makes money from protecting websites against these types of attacks. Though it did not name the victims, it offered to monitor websites for potential breaches for a monthly fee, claiming most of the sites are indeed still vulnerable.