Hacked: Hacking Finance

Feds Credit a Single Hacker behind Theft of 1.2 Billion Log-In Credentials


Samburaj Das

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.


This article was posted on Wednesday, 11:37, UTC.

Court documents filed by the FBI reveal that the agency has identified a single hacker behind the most comprehensive credentials theft in history.


1.2 billion stolen web credentials. Millions, possibly hundreds of millions, of Facebook and Twitter logins. Over 500 million email addresses, aside from the stolen credentials. Over 420,000 websites targeted to steal the above details. That is what amounts to the single largest data theft of user names and passwords.

The court papers were filed by the FBI to secure a search warrant in relation to an investigation into the stolen email records back in December 2014. A month later, the warrant was executed. Now public, the papers were revealed at a federal court in Milwaukee, Wisconsin, reports Reuters.


The investigation into the astounding data theft started soon after Hold Security, a cybersecurity firm, tipped off the Feds about CyberVor, a Russia-based hacker group behind the theft. Further investigation revealed that the group of malicious hackers, or even a single hacker, had advertised the sale of the stolen credentials in forum posts under the name “mr.grey.”

Mr.Grey

During the investigation, authorities browsing through Russian-speaking hacking forums discovered multiple posts by “mr.grey” who made the claim that he could locate the records of any Facebook-, Twitter- or VK-user (VK is a Russia-specific social network, a Facebook clone). These posts were written back in November 2011.


The FBI also discovered that the 1.2 billion stolen credentials and over 500 million email addresses were already being worked on by malicious attackers. The investigation revealed several lists of domain names and utilities that were likely used to send spam to hundreds of millions of email accounts. With such numbers, a comprehensive spear-phishing operation leading to identity theft or theft of financial records is an inevitability.

An email address registered as early as 2010 was discovered in the spam tools used by the attackers. The court documents revealed it to be “mistergrey.”

It’s entirely likely that “mr.grey” used or had access to an offshore database that swallowed up swarms of stolen data from computers using malware, Trojan malware and viruses, according to Alex Holden, CISO at Hold Security.

Facebook and Twitter could not be immediately reached for a comment at the time of publishing.

Hacked will keep you updated on this story as it develops and as more from the court documents is revealed.
