A Milwaukee-based private security company on Tuesday has announced the discovery of an Internet hacking ring syndicate that has amassed a whopping 1.2 billion global usernames and passwords as well as 500 million email addresses.
The company Hold Security claimed the group's computer servers were believed to be in Russia. The hackers were also believed to have extracted confidential information from 420,000 websites, including even small Internet sites.
Hold Security would not reveal the identities of the victims, individuals and companies, saying some sites remained vulnerable.
"Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites," Alex Holden, the founder and chief information security officer of Hold Security, told the New York Times. "And most of these sites are still vulnerable."
He said some big companies already know that among the stolen information included their records.
If for any consolation, Holden said the crime syndicate hacked even the websites of their fellow nationals inside Russia. Holden believed the hackers have no connection with the Russian government.
Monitoring the movements of the hackers, Holden said the criminals so far haven't sold much the records they stole online.
What they saw was the stolen information was being used by the group to send spam on social networks like Twitter, the New York Times said.
The hackers, according to Holden, number less than a dozen men in their 20s. They are believed to be stationed in a small city in south central Russia, the region flanked by Kazakhstan and Mongolia.
"There is a division of labor within the gang," Holden said. "Some are writing the programming, some are stealing the data. It's like you would imagine a small company; everyone is trying to make a living."
They started in 2011 as amateur spammers, and then accelerated their activity in April where Holden believed they have partnered with another entity to gain hacking knowledge, techniques and tools. Using botnets, the Russian hackers managed to capture credentials on a mass scale.
By July 2014, Holden said the young criminals have collected 4.5 billion records. Hold Security found 1.2 billion of those records as well as 542 million email addresses were unique.