Russian hackers steal 1.2B passwords
2014-08-06 09:12 by Daniela
Tags: hackers, security, SQL injection
Russian hackers have stolen 1.2 billion user names and passwords in a series of Internet heists affecting 420,000 websites, according to Hold Security, a Milwaukee firm that has a history of uncovering online security breaches.
"Whether you are a computer expert or a technophobe, as long as your data is somewhere on the World Wide Web, you may be affected by this breach," Hold Security warned in a blog post published Tuesday. "Your data has not necessarily been stolen from you directly. It could have been stolen from the service or goods providers to whom you entrust your personal information, from your employers, even from your friends and family."
The hackers didn't discriminate as to what kinds of websites they hit in this breach - they went after the most well known companies as well as mom-and-pop websites, said Hold Security. In total, more than 420,000 web and FTP sites were robbed. The firm hasn't yet released the names of these companies because those sites may still be vulnerable.
The technique believed to have been used is a well-established one for plucking the low-hanging fruit of the Internet. Computers all over the world, unknowingly infected with malware, formed a "botnet" doing the group's bidding. Each time a computer visited a site, it attempted a "SQL injection," in which items like search and comment fields are filled with code meant to force the site's database to spit out its contents. Such vulnerabilities are well known and fairly easily fixed, but thousands of websites clearly have yet to fix them.
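The flaw and its fix as described above, shown as an added example that is not part of the original article: a search function that pastes form input into the SQL text, next to its parameterized form, run against a constructed in-memory SQLite table. The table, function names and sample input are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: two public comments and one hidden row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT, hidden INTEGER)")
    db.executemany("INSERT INTO comments (body, hidden) VALUES (?, ?)", [
        ("great post", 0),
        ("thanks for sharing", 0),
        ("moderator note: internal", 1),
    ])
    return db

def search_vulnerable(db, term):
    # Weak form: the search term is pasted into the SQL text, so a quote
    # character in the term changes the structure of the statement itself.
    sql = "SELECT body FROM comments WHERE hidden = 0 AND body LIKE '%" + term + "%'"
    return [row[0] for row in db.execute(sql)]

def search_parameterized(db, term):
    # Fix: the statement text is constant and the term is bound as data,
    # so the database never parses it as SQL.
    sql = "SELECT body FROM comments WHERE hidden = 0 AND body LIKE '%' || ? || '%'"
    return [row[0] for row in db.execute(sql, (term,))]

def breaks_on_quote(search, db):
    # Regression check for a test suite: a lone quote in a form field must
    # be treated as text. A SQL error here means input reaches the parser.
    try:
        search(db, "'")
    except sqlite3.OperationalError:
        return True
    return False

# Constructed input of the kind the article describes: text that closes the
# string literal early and appends its own condition.
CRAFTED = "' OR 1=1 --"

if __name__ == "__main__":
    db = make_db()
    print(search_vulnerable(db, "post"))        # normal search
    print(search_vulnerable(db, CRAFTED))       # hidden row is returned too
    print(search_parameterized(db, CRAFTED))    # no match, nothing leaks
    print(breaks_on_quote(search_vulnerable, db), breaks_on_quote(search_parameterized, db))
```

The quote check is cheap to run against every form handler in a test suite and flags concatenated queries before they reach production.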