Federal Bureau of Investigation links hacker to theft of 1.2 billion Internet credentials

Does FBI deal with Hackers

The theft was revealed by Hold Security who at the time said attackers used bot-infected computers to find the 420,000 websites that were each vulnerable to SQL injection attacks.

The hacker was linked to the stolen logins via a Russian email address.

"To the best of our knowledge, they mostly focused on stealing credentials, eventually ending up with the largest cache of stolen personal information totaling over 1.2 billion unique sets of emails and passwords", Hold Security said according to the BBC.

Hold Security started a "breach notification service" after the discovery, charging $120 to websites wanting to be notified if the gang attempted to exploit their systems or networks. The U.S. Justice Department has not issued any comments on the stolen data.

During their investigation, the feds found a list of domain names and tools used to send spam, wherein they unearthed an email address owned by a "mistergrey".

The FBI's probe was prompted by Alex Holden, CISO of Milwaukee-based Hold Security, warning in August 2014 that he had discovered "what could be arguably the largest data breach known to date".

The investigation is still underway, and there is no mention of whether the FBI is aware of mr.grey's true identity or location.

Following this lead, the Federal Bureau of Investigation has been granted a warrant to follow-up, and as of the court files released last week, there hasn't been any further information on how the chase has progressed.

The FBI has managed to link the theft of a frankly staggering 1.2 billion log-in credentials to a single hacker, after finding a Russian email address within reams of data obtained by security researchers.

Mr Grey, part of a group dubbed CyberVor, is said to use those boards to offer for sale, information on any social media account, including Facebook, Twitter, and Russia's VK, Reuters reports. However, Holden tells Reuters that mr.grey's message indicates that he either operated or had access to the database containing the more than 1.2 billion stolen records that he found. Facebook and Twitter declined to comment.

Neither Facebook nor Twitter was immediately available for comment.



Other news