- CyberVor reportedly stole over 4.5 billion consumer records from 420,000 websites over several months.
- 1.2 billion of these records were unique, meaning it has affected 1/7 of the world’s population.
- The name ‘CyberVor’ was given to the Russian cybercrime ring by Hold Security, who discovered the breach. ‘Vor’ means ‘theft’ in Russian.
- According to Hold Security, CyberVor employed a black market-purchased botnet that could identify SQL vulnerabilities on the sites it visited.
- The gang’s botnet searched for sites vulnerable to SQL injection flaws that would allow it to find the logins that could later be spammed or phished.
- This is said to be the largest data breach known to date.
- The attack was first reported in the New York Times.
- Hold Security has offered to charge website owners to see if they have been affected. This has been met by some criticism regarding the charging an upfront fee.
- Forbes have pointed out that things don’t really add up – no disclosures were given by Hold Security about the details of the breach, but they were quick to pump up the numbers so that the story went viral.
Don’t know what to believe?
Whatever the facts are in this case, your organisation can help to protect itself from similar attacks with a few simple same security measures. IT Governance advises following cyber security best practice and not reusing passwords across multiple sites. Once a hacker has your data, every account you use is vulnerable to attack.