According to a blog post on Hold Security company blog, which conducted an 18-month investigation finding that a Russian hacking gang stoled 1.2 billion username and password combos, as well as more than 500 million email addresses.
According to Hold Security the hackers pulled off the heist, using unsuspecting systems of botnet network victims (in this case, computers with viruses that allowed a single operator to control a large group of affected systems) to test websites for SQL vulnerabilities. When a vulnerability was discovered, the hackers were then able to execute SQL injections, enabling them to send malicious commands to a website and steal its data, including usernames and passwords.
The group managed to steal information from 420,000 web and FTP sites, Hold Security said.
The Security company are calling it the biggest theft of user data ever.
Meyer says
I first heard about this breach today on the national morning news. I was very, very concerned.
I assumed the company had been checked out by the national media.
I now question the validity of the source.
It appears he is a one man band.
Plus, he is offering a service to determine if your data has been compromised.
All you have to do is give your data (email accts and passwords) to him and he will check it against the data he has.
I am positive there is a ton of our private data in the bad guys databases.
But, is this guy to be believed and trusted?