420,000 websites have been affected, according to researchers. This would be the biggest data theft in the history of the Internet. This attack is greater than attack held on Playstation Network. A group of Russian hackers have stolen 1.2 billion logins and passwords, according to security researchers, said to the New York Times on Tuesday.
For now, we do not know much more. 420,000 websites were affected, but the authority does not reveal which websites are faced this vulnerable attack. The list may includes many leaders in all sectors around the world, as well as many smaller sites, said by Hold Security, which had involved assessing the extent of the Target against this attack.
Botnets and SQL injection
The company said hackers were noted in 2013, they first use malicious data that allowed them to attack using email service providers, social networks and other sites. They send spam to victims and trap them with malicious code and redirects infected pages.
In 2014, they gain access to compromised computers networks using botnets that can be controlled remotely. They also use “SQL injection” tool or technique used to test the vulnerability of millions of websites database.
What the status of stolen data?
Is it time to panic and change all passwords? Not necessarily. According to the New York Times, “Few information or email has been placed on the market” and the group would have use this information mostly for spam campaigns. Hold Security has set up a free registration for users to determine if their password has been compromised.
This break was led by a dozen hacks only aged twenties. They are based in Russia, between Kazakhstan and Mongolia. Hold Security identified that they are “CyberVor” group (originated in Russian).They assumes, they would not be affiliated with the Russian government.