According to US-based online security company Holds Security, the unique internet logins belonged to holders of more than 500 million e-mail addresses, with some people being robbed of more than one login set.
The gang, which was dubbed by the company as ‘CyberVor’ (‘vor’ translates to ‘thief’ in Russian), targeted more than 420,000 websites, the total volume of the collection compiled by the gang reaching 4.5 billion records.
The fraudsters started by buying stolen credentials from fellow hackers on the black market, and then using them to attack e-mail providers, social media and other websites to plant viruses that redirected traffic to the hackers’ systems and to distribute spam. But the group changed its tactics in 2014 when it started buying data from criminals that exposed website vulnerabilities, allowing CyberVor to also steal login details from those websites databases.
Holds Security did not release the names of the websites that have been affected.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now