Get a free application, infrastructure and malware scan report - Scan Your Website Now

Subscribe to our Newsletter
Try AppTrana WAAP (WAF)
Managed WAF Start at $99

The Great Cyber Robbery by Russian hackers

Posted DateAugust 7, 2014
Posted Time 3   min Read

A Russian gang has stolen 1.2 bn usernames and passwords and this is being quoted as the biggest cyber robbery that anyone has ever witnessed. The News of this discovery was first reported by Nicole Perlroth and David Gelles of the New York Times. Reports are citing that the primary tool used for hijacking this data is SQL Injection. The stolen records comprised of sensitive and confidential data from 420,000 websites. These include 1.2 bn usernames and password combinations and more than 500 mn email addresses.

How was the attack planned?

As per a security research company, which has been called in to study this hack, the hacker’s approach to steal data originally was different which they changed later. Initially, the hackers acquired databases from hackers in the black market, which contained stolen credentials. This data was further used to attack social media networks, email providers, and various other websites, and use them to spam and infect their victims. The legitimate systems were taken control of by installing malicious rerouting. Bots were created.

The hackers then used the botnets to find out SQL vulnerabilities on more than 400,000 websites which were vulnerable to the cyber attack. They audited the websites for being prone to SQL vulnerability. These vulnerabilities were exploited to steal data from those sites’ database, and with this, they landed with billion-plus usernames and passwords. So the attacks started on small websites and proceeded to larger organizations, affecting many Russian websites as well.

As explained in a very unique terminology by a security researcher, the hackers performed “possibility the largest audit of websites ever”.

Who are the faces behind this massive hack?

The Russian government is not believed to be involved in this attack. As per The Times, Russian hackers have long been using botnets to extract this type of information on a massive scale. This hacking ring is based in south-central Russia and comprises of less than a dozen men in their 20s, who not only know each other virtually but also personally. They began as amateur spammers somewhere in 2011 but now may have possibly joined forces with a more professional and larger entity.

More on the biggest hack in the history of the Internet

While it is believed that many leading organizations in almost all the industries in the world have been affected, no details about them have been publicly disclosed. No reports about the data being sold online by hackers have surfaced, but it is believed that they are using the stolen credentials to spam users.

The Times has said that multiple security experts have analyzed the data and have confirmed its authenticity. It is also alleged that many big companies whose data shows in this stolen database, are aware of the theft.

What should be done next?

This attack was not targeted at only big organizations, but at every website that was visited by the victim. Therefore the smaller organizations might be equally affected.

Many websites are coming up with paid tests and services, to check whether their websites are secured against vulnerabilities similar to SQL attacks, but make sure that in search of a remedy, you do not fall prey to another disease. Do a proper search on the authenticity of such websites.

Few steps that should be taken immediately are:

For users

1. It is being advised to change your passwords. When you do change them, please use a combination of unusual characters.

2. Do not repeat passwords, ever! It can be difficult to keep remember passwords for all the multiple accounts you have, so you can use a reliable password wallet or password manager. You don’t have to worry about their cost, some of them are absolutely free.

3. Do not store them in plain text on your devices.

4. Many organizations like Gmail, Facebook are now providing two-factor authentication, which due to not being mandatory is not being utilized by users. Use it.

For Organizations-

  1. Scan your websites for any vulnerabilities, like being prone to SQL injections, find them and fix them. These scans should be done periodically, to check the health of your website.
  2. Transition to two-factor authentication. Make it mandatory. It will help you save from a lot of pain in the longer run.
  3. If you think your user data has been compromised by this attack, request your users to change their passwords immediately, on your website and on whichever other websites they were repeating it. Trust me, they will be repeating it.

web application security banner

Spread the love

Join 47000+ Security Leaders

Get weekly tips on blocking ransomware, DDoS and bot attacks and Zero-day threats.

We're committed to your privacy. indusface uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.

Related Posts

Facebook, Instagram and Whatsapp global outage
Facebook, WhatsApp, and Instagram Back Online After Nearly Six Hours of Worldwide Outage

Facebook, Instagram, and WhatsApp are back online after nearly six hours of a major outage. These services altogether have more than 6 billion users worldwide. Users who tried to access.

Spread the love

Read More
Ways a Cyberattacks Can Hurt Your Business
6 Ways Cyberattacks Can Hurt Your Business

We live in the age of rapid digital transformation with futuristic and cutting-edge technologies enabling us to do a wide range of things faster and easier. For instance – a.

Spread the love

Read More
E-commerce Security Threats
Public Procurement (Preference to Make in India) Order 2018 for Cyber Security Products

The Union Ministry of Electronics & Information Technology (MeitY) has mandated preference to cyber security products from companies incorporated and registered in India.

Spread the love

Read More


Fully Managed SaaS-Based Web Application Security Solution

Get free access to Integrated Application Scanner, Web Application Firewall, DDoS & Bot Mitigation, and CDN for 14 days

Know More Take Free Trial


Indusface is the only cloud WAAP (WAF) vendor with 100% Customer Recommendation for 3 consecutive years.

A Customers’ Choice for 2022 and 2023 - Gartner® Peer Insights™

The reviews and ratings are in!