Hold Security explained the hack as being the “largest data breach known to date”. The firm stated the stolen details originated from more than 420,000 websites, which includes “many leaders in virtually all industries across the world”.
Hold Security did not give details of the companies affected by the hack.
“They didn’t just target large companies; instead, they targeted every site that their victims visited,” Hold Security had stated in its report.
“With hundreds of thousands of sites affected, the list includes many leaders in virtually all industries across the world, as well as a multitude of small or even personal websites.” They went on to say.
The New York Times, who brought the story to light, had said that on its request “a security expert not affiliated with Hold Security analysed the database of stolen credentials and confirmed it was authentic”.
“Another computer crime expert who had reviewed the data, but was not allowed to discuss it publicly, said some big companies were aware that their records were among the stolen information,” the paper stated.
Hold Security mentioned that botnets assisted the hacking group, which was referred to as CyberVor, which identified up to 400,000 websites which were susceptible to cyber attacks.
“To the best of our knowledge, they mostly focused on stealing credentials, eventually ending up with the largest cache of stolen personal information, totalling over 1.2 billion unique sets of e-mails and passwords.”