An independent cybersecurity company has determined that Russian-speaking hackers have breached 97 websites and stolen login credentials, potentially putting the privacy of hundreds of thousands of users in jeopardy.
According to a list compiled by security firm Hold Security, 97 websites, including several that are similar to the dating website Ashley Madison, have been breached by Russian-speaking hackers, ITWorld reports.
Alex Holden, Hold Security's founder and CTO, adds that large volumes of stolen information were stored in batches on a server discovered by the company's analysts. Despite the data it held, the server was open and not password-protected, Holden said.
Furthermore, Holden insists that the Russian-speaking hacker group does not appear to be related to the Impact Team, the group notorious for instigating the Ashley Madison breach. None of the dating websites is nearly as prominent or popular as Ashley Madison, he notes.
It is still early, and Hold Security has not yet revealed the full list of breached companies.
Yet Another Breach
A native Russian speaker himself, Holden estimates that the breaches began on July 4 and continued until a week ago. The data found on the server includes a comprehensive list of sites along with their software and network vulnerabilities. Additionally, there were notes written in Russian.
According to an initial review by analysts, a significant majority of the websites seem to have database vulnerabilities, commonly known as SQL injection flaws. If exploited, these vulnerabilities give hackers the means to access other information stored in the system.
The hackers behind the breach “are doing what security auditors would,” noted Holden, saying the hackers are looking for vulnerable websites.
The data includes a large list of email addresses and entire lists of unencrypted passwords from certain sites. So far, it appears that the hackers do not have a definite plan for what to do with the breached data. Unlike the Ashley Madison case, there was no sensitive information found in the dump on the server.
“These hackers don’t know how to monetize the rest of the data, so they steal things that they can monetize,” Holden said.