Since the beginning of the year 2014, several significant Internet-related breaches have been discovered, including the last one that deals with stolen Internet credentials and emails addresses. In total, over 360 million stolen credentials were identified in February 2014. The Internet security firm Hold Security discovered that the breach was committed by a Russian gang. The cyber group is now believed to possess the largest set of stolen data, which can be used for various purposes. Since the name of the gang was unknown, the researchers budded it CyberVor.
The CyberVor gang is known to have amassed over 4.5 billion records. Over 1.2 billion of these records are unique combinations of a user ID and password, and this number of credentials makes about half a billion unique email addresses.
Hold Security says that the criminals hacked major email service providers, including Google, Yahoo, and Microsoft.
In order to gather your email login details, cyber criminals use different methods. For example, your personal information may be acquired from servers and service providers possessing your personal information. In the case of CyberVog’s attack, over 420,000 websites and FTP sites were attacked. The results of the analyses imply that the criminals did not have a particular target because the sizes of the affected companies vary.
The criminals employed botnet networks to search for SQL vulnerabilities, which were exploited to steal data from the databases of those vulnerable websites.
In some cases, CyberVog uploaded some malicious files to FTP servers so that unsuspecting users are directed to websites advertising work-at-home schemes and other questionable offers, which were expected to lure users into downloading malicious files or revealing their personal information.
Some companies that were not compromised, including UNICEF, disabled their FTP applications in order prevent damage while the issue was under investigation.
The estimated number of breached credentials is not equal the number of victims because a lot of passwords are not valid or current. There are a lot of fake email addresses; the criminals might have stolen an email address that is no longer accessible, and some of the passwords obtained might have been generated automatically by some websites.
We recommend that you change the passwords of you email box and other accounts in order to avoid more serious damage. Within two months, Hold Security will enable you to check whether CyberVog has hacked your email or not.