Described as one of the biggest hacks Internet has ever seen, a Russian gang of hackers have stolen whooping 1.2 billion usernames and passwords from 420,000 websites all over the world. Luckily, the hackers didn’t sell this information, but are using them to spam the social media networks of the website owners.
The hacking details were unearthed by Hold Security, a security and risk management company based in Milwaukee, Wisconsin (US). As per their blog post, a cyber gang which is based in Russia used the dreaded SQL Injection method to carry off this biggest ever heist of user names and passwords.
Around 4.5 billion records are in possession of this gang, out of which 1.2 billion ‘appear’ to be unique. More than half a billion email addresses, and their associated passwords for the websites has been stolen. As per their estimates, more than 420,000 websites and their FTPs are in direct danger now.
Hold Security didn’t reveal the names of the websites which have been targeted, citing non-disclosure agreements they have signed with them to eradicate this problem. But their blog post mentions that victims of this hacking incident involves some big names as well small website owners from all over the world.
New York Times contact few independent security experts to analyze this digital heist, and they have confirmed that the Russian cyber gang has indeed stolen billion+ usernames and passwords. They also reported that some of the big Internet companies are aware of this hack, and are securing their systems to ward off future attempts.
Modus Operandi: How Did It Happen?
Traditionally, hackers buy email database and website data from the black market and then spam them with offers and advertisements to make quick bucks. In some cases, they use this information to inject viruses and spywares in their systems. Such activities can be monitored by using anti-virus systems.
But in this case, the hackers refined and polished their approach and used botnet networks, which are large network of virus infected computers controlled by one single system. They programmed the botnet to discover SQL vulnerabilities of the websites where users of these computers visited.
For example, say Mohan uses a virus infected computer in a cyber café in Mumbai, and visits www.example.com, which is vulnerable to SQL related hacks. The hackers instantly identified www.example.com from the botnet network and performed SQL injection and other hacking stunts to retrieve information such as username, passwords and associated email addresses. Hence, using Mohan’s virus infected computer which is a part of the botnet, credentials of www.example.com were hacked away.
Repeat this to 420,000+ websites, and the gang successfully uncovered billions of secured data.
This is the reason one security expert described this as “possibility the largest audit of websites ever”.
Webmasters: Protect Yourself
Considering that the hackers targeted websites which have weak SQL protection, it is suggested that website owners check whether their website is prone to SQL Injections or not. Contacting security experts is strongly recommended.
Interestingly, several paid services have come-up which are offering tests and examinations of websites to check whether they are vulnerable to such SQL related hacking attempts. It is advised to do proper research and investigation before opting for such paid services.
Meanwhile, it is being advised that passwords of website access should be changed and a stronger password with combinations of numerical and special characters be used. Another point: Do not use the same password for managing website and emails. Create separate passwords, and keep them changing every week or so.