
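Russian hackers steal the information of 1.2 billion users worldwide
A Russian hacker gang has stolen 1.2 billion usernames and passwords belonging to more than 500 million email addresses, according to Hold Security, a US company specialising in discovering vulnerabilities.
Hold Security described it as "the largest known theft of internet information to date".
It said the stolen information came from more than 420,000 websites, including "leading companies in virtually all industries across the world".
Hold Security did not disclose specific details of the companies affected by the hackers.
"They did not just target large companies; instead, they targeted every website that their victims visited," Hold Security said in its report.
"Thousands upon thousands of websites were affected, including many leading companies in virtually all industries across the world, as well as numerous small and even personal websites."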
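The New York Times, which first reported the findings, said that "a security expert not affiliated with Hold Security analysed the database of stolen credentials and confirmed it was authentic".
"Another computer crime expert who had reviewed the data, but was not allowed to discuss the matter publicly, said some big companies were aware that their records were among the stolen information," the paper said.
The paper added: "Hold Security would not name the victim companies, citing nondisclosure agreements and a reluctance to name companies whose websites remain vulnerable."
Multi-pronged attack?
Hold Security, which previously reported on the hacker attacks on Adobe and Target, said it took more than seven months of research to discover the latest attack.
The company claims the gang initially obtained the databases from hackers on the black market.
"These databases were used to attack e-mail providers, social media, and other websites to distribute spam to victims and install malicious plug-ins on other legitimate systems," Hold Security said.
The hackers also obtained access data from botnets: computers infected with malware that cause other computers to become infected.
Hold Security said the botnets helped the hacker group, which it calls CyberVor, identify more than 400,000 websites that remain vulnerable to cyber attacks.
"The CyberVors used these vulnerabilities to steal data from these websites' databases," the company said.
"As far as we know, they mostly focused on stealing information, ultimately ending up with the largest cache of personal information, totalling more than 1.2 billion stolen e-mails and passwords."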
Russia gang hacks 1.2 billion usernames and passwords
The group is alleged to have stolen credentials from hundreds of thousands of websites globally
A Russian group has hacked 1.2 billion usernames and passwords belonging to more than 500 million email addresses, according to Hold Security - a US firm specialising in discovering breaches.
Hold Security described the hack as the "largest data breach known to date".
It claimed the stolen information came from more than 420,000 websites, including "many leaders in virtually all industries across the world".
Hold Security did not give details of the companies affected by the hack.
"They didn't just target large companies; instead, they targeted every site that their victims visited," Hold Security said in its report.
"With hundreds of thousands of sites affected, the list includes many leaders in virtually all industries across the world, as well as a multitude of small or even personal websites."
The New York Times, which first reported the findings, said that on its request "a security expert not affiliated with Hold Security analysed the database of stolen credentials and confirmed it was authentic".
"Another computer crime expert who had reviewed the data, but was not allowed to discuss it publicly, said some big companies were aware that their records were among the stolen information," the paper said.
The paper added: "Hold Security would not name the victims, citing nondisclosure agreements and a reluctance to name companies whose sites remained vulnerable."
Multi-pronged attack?
Hold Security, which has previously reported about hacks on Adobe and Target, said it took more than seven months of research to discover the extent of the latest hack.
The firm claimed the gang initially acquired databases of stolen credentials from fellow hackers on the black market.
"These databases were used to attack e-mail providers, social media, and other websites to distribute spam to victims and install malicious redirections on legitimate systems," Hold Security said.
The hackers also got access to data from botnets - a network of computers infected with malware to trigger online fraud.
Hold Security said the botnets helped the hacking group - which it dubbed CyberVor - identify more than 400,000 websites that were vulnerable to cyber attacks.
"The CyberVors used these vulnerabilities to steal data from these sites' databases," the firm said.
"To the best of our knowledge, they mostly focused on stealing credentials, eventually ending up with the largest cache of stolen personal information, totalling over 1.2 billion unique sets of e-mails and passwords."