Hacking group CyberVor has recently obtained around 1.2 billion unique username and login pairs by comprising 420,000 websites using SQL injections.
This comes as part of a new release from Hold Security, a firm focused on information security, risk management and incident response.
CyberVor has been working together since at least 2011, and has been focused on using rented bot-infected machines around the world. Each infected machine was monitored for different websites, and probed for the opportunity to conduct SQL injection attacks. Over time, the group was able to amass a substantial amount of information by tricking websites into leaking sensitive data.
Researchers from the firm monitored CyberVor attackers for more than seven months, and determined that the group was based in a city in Russia. Members were thought to be in their early 20s, and most likely numbering no more than a dozen. By the time Hold Security obtained the massive CyberVor data cache, over 4.5 billion records (including the logins) have been gathered.
The actions of the group differ from other attackers, as they opted to avoid the traditional sending of spam and distributing malware.
These SQL injection attacks are a common way of compromising web-facing systems, and certainly one of the most dangerous.
The sheer volume of sensitive records stolen should serve as a pertinent reminder that businesses need to have security measures in place.
Hold Security has advised companies to check if their websites are susceptible to SQL injections, focusing on both main and auxiliary sites.
All levels of IT operations need have some form of vulnerability management , from the company storage servers through to end-user computers and mobile devices.
Only with appropriate security solutions in place, along with regular system updates and staff security training, can businesses ensure protection from the innumerable cyber security threats.