According to US-based online security company Holds Security, the unique internet logins belonged to holders of more than 500 million e-mail addresses, with some people being robbed of more than one login set.
The gang, which was dubbed by the company as ‘CyberVor’ (‘vor’ translates to ‘thief’ in Russian), targeted more than 420,000 websites, the total volume of the collection compiled by the gang reaching 4.5 billion records.
The fraudsters started by buying stolen credentials from fellow hackers on the black market, and then using them to attack e-mail providers, social media and other websites to plant viruses that redirected traffic to the hackers’ systems and to distribute spam. But the group changed its tactics in 2014 when it started buying data from criminals that exposed website vulnerabilities, allowing CyberVor to also steal login details from those websites databases.
Holds Security did not release the names of the websites that have been affected.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now
We welcome comments that add value to the discussion. We attempt to block comments that use offensive language or appear to be spam, and our editors frequently review the comments to ensure they are appropriate. If you see a comment that you believe is inappropriate to the discussion, you can bring it to our attention by using the report abuse links. As the comments are written and submitted by visitors of the The Paypers website, they in no way represent the opinion of The Paypers.