LONDON: An internet security firm has stumbled upon a “mind boggling” and “Godzilla-sized” cache of personal data put up for sale on the online black market by hackers.
One of the hacker attacks stole over 105 million records making it the single largest data breach in cybercrime history.
The trove included credentials from more than 360 million accounts and around 1.25 billion email addresses.
The discovery was made by cybersecurity firm Hold Security. “These credentials can be stolen directly from your company but also from services in which you and your employees entrust data. In October 2013, Hold Security identified the biggest ever public disclosure of 153 million stolen credentials from Adobe Systems. One month later we identified another large breach of 42 million credentials from Cupid Media,” the firm said.
They accumulated the data over the past three weeks. The company first tracked over 300 million abused credentials that were not disclosed publicly (that is over 450 million credentials if one counts the Adobe find).
“But this month we exceeded all expectations. In the first three weeks of February we identified nearly 360 million stolen and abused credentials and 1.25 billion records containing only email addresses. These mind boggling numbers are not meant to scare you and they are a product of multiple breaches which we are independently investigating. This is a call to action,” it added.
“The sheer volume is overwhelming,” said Alix Holden, chief information security officer of Hold Security.
Hold Security says that the email addresses came from all major providers including Google, Microsoft and Yahoo, and that many non-profit organizations and almost all Fortune 500 companies had been affected.
This comes just months after details of 2.9 million people across the globe were stolen in a highly sophisticated cyber attack on Adobe.
Adobe’s security team announced recently that the attackers accessed Adobe customer IDs and encrypted passwords on its systems and removed information including customer names, encrypted credit or debit card numbers, expiration dates and customer orders.