Have you heard of Mr. Grey? Well, not that one. The Mr. Grey we are talking about is a Russian hacker that is discovered to have participated in the theft of 1.2 billion passwords from 420.000 websites. According to both researchers and journalists, the hack is one of the biggest data harvests in the history of cybercrime.
Who Is Mr. Grey?
The hacker is said to be part of the infamous hackers group known as CyberVor. In 2014, CyberVor made the headlines when they succeeded in stealing the 1.2 billion credentials.
The FBI has now connected a single individual – yours truly Mr. Grey – to the malevolent operation. The American bureau successfully traced back Mr. Grey via open source data such as email addresses shared on Russian underground forums used for cybercrime. The hacker is told to have used those forums to sell the stolen data that had been gathered from social media accounts (Facebook, Twitter, VKontakte). The American officials haven’t commented on their findings regarding Mr. Grey.
Hold Security Revealed the Biggest Credentials Theft
According to Hold Security, the attackers have used bots to find 420.000 websites, all found out to be prone to SQL injection attacks. Those pages became known to the attack’s authors, who then harvested user credentials from the vulnerable servers.
Investigation indicates that the initial number of stolen private data (usernames and passwords) was above 4.9 billion, but when duplicates were removed, 1.2 billion remained. Also, 542 million of the email addresses were defined as unique.