The web is abuzz with a report from a Milwaukee-based security firm called Hold Security saying that they have evidence showing a Russian hacker ring has collected a whopping 1.2 billion usernames and passwords from around the web. They discovered this through the use of presumably proprietary deep web monitoring tools.
The first question that came to mind when I heard about this was whether or not this is the group that has been hacking WordPress sites with a massive brute-force attack using a botnet network with over 90,000 infected PCs and servers. This attack attempted to crack login passwords in WordPress and Joomla websites that used the default usernames for administrator logins. While the evidence of these attacks was overwhelming, the goal for the attacks was always a mystery. We only found one client’s WordPress site where someone created a user account named ‘sysadmin@wordpress.org’. We assumed this was an entryway created after the password for the ‘admin’ username was cracked.
Although the actual name for the Russian group is unknown, Hold Security has coined the moniker CyberVors. ‘Vor’ apparently means ‘thief’ in Russian.
It looks like the CyberVors botnet was free-ranging as well as ingenious. It targeted all types of sites, large and small, from a wide range of industries. The real number of passwords collected is much larger than 1.2 billion. That number represents only the ‘unique pairs’ of usernames and passwords, because most people use the same username and password across multiple sites. If you’ve been guilty of that practice, it might be a good idea to change all the passwords at any e-commerce sites that store your credit card or other payment info, as well as payment sites, such as PayPal.
Most of the information appears to have been extracted using SQL injection attacks. If a site is vulnerable, SQL injection allows a hacker to display all of the information in a database table. SQL injection problems have been around for several years. Current versions of WordPress and most current e-commerce sites are not susceptible to this form of attack, which implies that most of the data obtained was from older websites.
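To make the difference between a vulnerable and a non-susceptible site concrete, here is an added example (not from the original post or from any site mentioned in it) that runs the same lookup two ways against an in-memory SQLite table. The table, account rows, function names and the textbook input string are all constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory table holding constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b"), ("carol", "hash-c")],
    )
    return db


def lookup_vulnerable(db, username):
    # Vulnerable pattern: the input is pasted into the SQL text, so a quote
    # character in the input ends the string literal and whatever follows
    # is parsed as part of the WHERE clause.
    sql = ("SELECT username, password_hash FROM users "
           "WHERE username = '%s'" % username)
    return db.execute(sql).fetchall()


def lookup_parameterized(db, username):
    # Hardened pattern: the driver binds the value separately from the SQL
    # text, so the input is only ever compared as data.
    sql = "SELECT username, password_hash FROM users WHERE username = ?"
    return db.execute(sql, (username,)).fetchall()


# Constructed textbook input that turns the WHERE clause into a tautology.
CRAFTED = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    # Same input, two outcomes: the whole table versus no rows at all.
    print("string-built query :", len(lookup_vulnerable(db, CRAFTED)), "rows")
    print("parameterized query:", len(lookup_parameterized(db, CRAFTED)), "rows")
    # A legitimate lookup behaves identically in both versions.
    print("normal lookup      :", lookup_parameterized(db, "alice"))
```

When auditing older code, any query assembled with string formatting or concatenation from request data is the pattern to look for and replace with bound parameters.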
Any way you look at it, if the numbers are accurate, they certainly are staggering and indicate how vulnerable our information has become.