The New York Times published a report today security detailing the breaches by a group believed to be the largest identity theft on the Internet. Based on the investigation conducted by the security company Hold Security, Russian hackers have breached 420.000 websites, and gathered about 540 million unique email addresses. In total, 1.2 has billions of usernames and passwords.
What makes matters worse is that most of the affected websites are still vulnerable, according to Hold Security founder Alex Holden. A source told The Times that "some major companies" have been told that the data they circulate them freely on the internet.”
The criminal group is suspected of using the information to promote social spam networks. The gang is believed to consist of "fewer than 12 men in their 20s, who know each other personally."
However security researchers from Kaspersky, Symantec and University College London dispute the news and report that private security firm Hold Security Yes, it has located the Russian team CyberVor, but it does not provide data confirming the data leak.