Ladies, please help Conflict come to terms with his homosexuality

After more than seven months of research, Hold Security identified a Russian cyber gang which is currently in possession of the largest cache of stolen data. While the gang did not have a name, we dubbed it “CyberVor” (“vor” meaning “thief” in Russian).

The CyberVor gang amassed over 4.5 billion records, mostly consisting of stolen credentials. 1.2 billion of these credentials appear to be unique, belonging to over half a billion e-mail addresses. To get such an impressive number of credentials, the CyberVors robbed over 420,000 web and FTP sites.
How did this occur?

Initially, the gang acquired databases of stolen credentials from fellow hackers on the black market. These databases were used to attack e-mail providers, social media, and other websites to distribute spam to victims and install malicious redirections on legitimate systems. Earlier this year, the hackers altered their approach. Through the underground black market, the CyberVors got access to data from botnet networks (a large group of virus-infected computers controlled by one criminal system). These botnets used victims’ systems to identify SQL vulnerabilities on the sites they visited. The botnet conducted possibly the largest security audit ever. Over 400,000 sites were identified to be potentially vulnerable to SQL injection flaws alone. The CyberVors used these vulnerabilities to steal data from these sites’ databases. To the best of our knowledge, they mostly focused on stealing credentials, eventually ending up with the largest cache of stolen personal information, totaling over 1.2 billion unique sets of e-mails and passwords.
Who is affected?

The CyberVors did not differentiate between small or large sites. They didn’t just target large companies; instead, they targeted every site that their victims visited. With hundreds of thousands sites affected, the list includes many leaders in virtually all industries across the world, as well as a multitude of small or even personal websites.
The numbers

4.5 billion credentials seems like an impossible number, but just think of how many sites require you to register your e-mail address and, let’s face it, almost everyone re-uses their passwords. So, it’s not hard to see how some of us could have been victimized more than once. A credential pair is a combination of user id (mostly e-mail) and password and we have discovered 1.2 billion of such unique pairs that have been breached. If we narrow it down by unique e-mail addresses, we still have over half a billion records since there may be multiple password corresponding to a single e-mail address. Not all of them are valid or current. Some people use fake e-mail addresses, in other cases the CyberVor gang might have stolen credentials that belonged to an e-mail address that you no longer have (i.e. something you used with your previous employer) or a password that you haven’t used for over a decade, or even a default password automatically assigned to you by a website. Yet the sheer number of credentials can potentially open a door to many systems and accounts.
What do we do now?

Do not panic! Try to strategize.

Companies – check if your website is susceptible to a SQL injection. It is hard to spot and it may be not on your main site but on one of your auxiliary sites instead. If your websites are vulnerable, this is not the last time you can be victimized. Hold Security is proud to announce our new Breach Notification Service (BNS). After we verify your identity and entitlements to the website(s) or domain(s), we can tell you if you have been impacted by this or other breaches. Our Pen Testing and Audit Services are also available to investigate further and may find vulnerabilities that are yet to be discovered. Also, to keep your users protected from this and many other breaches, join our Credentials Integrity Service and we will be able to notify you if any of them have had their credentials stolen.

Individuals – the ultimate victims of the CyberVor gang are the end-users. Hold Security is proud to announce that we will be providing full electronic identity monitoring service to all the individuals within the next 60 days. Even if you are currently using another Identity Protection Service, your electronic identity may still be vulnerable. While we getting our full service ready, we are inviting you to express your interest by pre-registering, free of charge and without any commitment. Once you register and complete a simple verification process, you will be able to check if your credentials have been found in CyberVor’s possession. We anticipate an overwhelming volume of requests, but please be patient and we will try to help you! We have developed a secure methodology for you to share with us a very strong (SHA512) cryptographic representation of your passwords for verification.