The Federal Bureau of Investigation (FBI) has linked a hacker to the theft of 1.2 billion login credentials. The FBI has filed court documents stating that the hacker once advertised to have user account information for popular social media websites such as Facebook and Twitter.
The documents, made public by a court in Milwaukee, Wisconsin, revealed details about the FBI’s probe of what may become the largest record of stolen login credentials.
Per the court documents, Milwaukee-based cybersecurity firm Hold Security identified the hacker, known only as “mr.grey,” in August 2014. Hold Security was able to find the hacker after it obtained important information regarding a hacker group in Russia, dubbed CyberVor, which was responsible for stealing data from more than 20,000 websites.
“The CyberVor gang amassed over 4.5 billion records, mostly consisting of stolen credentials. 1.2 billion of these credentials appear to be unique, belonging to over half a billion email addresses. To get such an impressive number of credentials, the CyberVors robbed over 420,000 Web and FTP sites,” explains Hold Security.
The FBI investigators also found a list of domain names that were probably used to send spam. The investigation also exposed an email ID that was registered in 2010 linked to mr.grey.
Alex Holden, the chief information security officer at Hold Security, says that it is likely that the hacker operated or even had access to large amounts of stolen data obtained from viruses and malware.
A Reuters report notes that the FBI as well as Twitter and Facebook have declined to comment about the incident. The U.S. Justice Department has not issued any comments on the stolen data.
Cybersecurity is a growing concern for businesses as well as individuals. Businesses have the responsibility to keep their customer data safe, and should employ robust security tools that can fend off any cybersecurity threats.
Individuals should not share their login details, passwords, bank account details and other sensitive account information with anyone to avoid becoming a victim of cybertheft. Netizens should also change passwords as soon as they fear that they are a target of cybercrime.