A US security firm says Russian hackers have stolen 1.2 billion usernames and passwords in a series of internet heists affecting 420,000 websites.
According to Hold Security, the firm that uncovered the breach, the hackers had been collecting databases of personal information for years. Alex Holden, Chief Information Security Officer at Hold Security, said on Wednesday that in April the group began deploying a new online attack technique that quickly shot from computer system to computer system as unwitting infected users visited random websites.
"Their data caches seemed to grow from April on at a rather alarming scale, getting them to what it is or what it was at the time," Holden said. Holden has also exposed major hacks, including a breach at Adobe that involved tens of millions of customer records.
Holden said he had been tracking the Russian criminals for seven months, but was only able to begin reviewing their massive cache of databases during the past few weeks. Holden timed his announcement to coincide with the annual Black Hat USA cyber security conference this week in Las Vegas, where it created quite a buzz.
Holden's discovery was revealed in the New York Times on Tuesday. The Times did not identify the websites that were broken into, citing nondisclosure agreements that required Hold Security to keep some information confidential.
The reported break-ins are the latest incidents to raise doubts about the security measures that both big and small companies use to protect people's information online. Security experts believe hackers will continue breaking into computer networks unless companies become more vigilant.