420,000 websites are compromised by Russian hackers who access over 1 billion passwords

In a series of historic Internet heists, it has been discovered that Russian hackers have stolen approximately 1.2 billion usernames and passwords from 420,000 websites as well as 500 million email addresses. Security experts have described the incident as proof that big and small companies aren’t doing enough to protect their users’ personal information.

Names of the websites were not released to the public because of nondisclosure agreements.

The incidents were uncovered by Hold Security, a Milwaukee, Wisconsin-based firm that has repeatedly found data thievery in the past. The company’s findings were then reported by the New York Times on Tuesday, in which it noted that many believe the hackers will persist as long as the security apparatuses imposed by businesses and governments remain lax.

Alex Holden, the founder and chief information security officer of Hold Security, told the newspaper that the Russian gang did not just target United States companies, but any website they could infiltrate, whether it was a Fortune 500 business or a tiny website. It should be noted that there were Russian websites that were affected, too, so there likely isn’t a connection between the Russian government and the hackers.

It had gathered more than 4.5 billion records earlier this summer, but after sifting through duplicates, it was left with the 1.2 billion figure.

The online records have yet to be sold, but they are showing up on social networks at the request of other organizations to collect fees. Of course, selling this type of data on the black market is certainly a worthwhile attempt considering how much money they could earn.

Holden explained that he does have contacts within the group and they’re located in a small city in south central Russia. The group comprises fewer than a dozen men in their 20s, who all know each other very well.

“There is a division of labor within the gang,” Holden added. “Some are writing the programming, some are stealing the data. It’s like you would imagine a small company; everyone is trying to make a living.”

With the latest revelation, some are concerned that it’s pretty much a losing endeavor to keep millions of private data away from foreign and domestic cybercriminals. Nevertheless, industry professionals are urging everyone to start enhancing their security measures and protocols.

“Companies that rely on user names and passwords have to develop a sense of urgency about changing this,” said Avivah Litan, a security analyst at the research firm Gartner. “Until they do, criminals will just keep stockpiling people’s credentials.”

As a growing number of websites are getting their hands on the most personal of details, such as Social Security numbers and passwords, identity theft is becoming a lucrative scheme.

“The ability to attack is certainly outpacing the ability to defend,” said Lillian Ablon, a security researcher at the RAND Corporation. “We’re constantly playing this cat and mouse game, but ultimately companies just patch and pray.”

Is there any hope to eradicate hackings and data breaches?