As many as 26 million login IDs of users of Amazon, Apple and Facebook have been stolen by hackers in the latest online security breach. Besides, browser cookies, autofill data, and payment information have been extracted by malware that has yet to be identified. Researchers at cybersecurity provider NordLocker have identified that at least 1.2 terabytes of personal details and information were stolen through a customized malware strain.
Moreover, the malware hack also saw payment details nabbed from 3.25 million computers that run Windows software. It remains unclear if any of that data was then used to scam or defraud its rightful owners.
According to a report released by NordLocker on Wednesday, an unidentified, Trojan-type malware stole the files that include 26 million login credentials between 2018 and 2020. Besides, the firm confirmed that the database contained 1.1 million unique email addresses, more than 2 billion browser cookies, and 6.6 million files.
In some cases, victims stored passwords in text files created with the Notepad application. The hack also saw victims' webcams taken over by the malware, which then took screenshots as people used their computers to reveal personal information.
Other firms whose accounts were targeted are eBay, Instagram, Netflix, PayPal, Roblox, Steam, Twitter and Twitch. In most cases, victims' computers were infected by opening emails or downloading bootleg software.
Besides, the malware also took a screenshot after it infected the computer and took a picture using the device's webcam. Stolen data also came from apps for messaging, email, gaming, and file-sharing.
After the database was discovered, NordLocker analyzed it in partnership with a data breach research company before taking steps to remove it from the internet. The screenshots that were taken by the malware revealed that it was spread through the sharing of "illegal software, windows cracking tools and pirated games".
How It Happened
NordLocker identified an illegal version of Adobe Photoshop as just one of the ways that the malware had been spread. People who fear they may have been targeted can visit the website haveibeenpwned and enter their details to find out.
The discovery comes amid an epidemic of security breaches involving ransomware and other types of malware hitting large companies, including the May ransomware attack on Colonial Pipeline. The hack affected gasoline supplies and resulted in shortages at filling stations. Another recent attack shut down beef plants of the world's largest meat producer.
As for NordLocker and the huge cache of stolen data it found, the company said: 'We want to make it clear: we did not purchase this database nor would we condone other parties doing it. A hacker group revealed the database location accidentally.'
On Wednesday, the same day NordLocker released its study, it was revealed that beef supplier JBS paid an $11 million ransom in Bitcoin to hackers who compromised its systems. Meanwhile, US officials said this week that the Department of Justice would investigate cyberattacks on the same level as terrorism.
However, researchers at NordLocker said that there's no shortage of sources for attackers to secure such information. "The truth is, anyone can get their hands on custom malware," the researchers wrote. "It's cheap, customizable, and can be found all over the web. Dark web ads for these viruses uncover even more truth about this market. For instance, anyone can get their own custom malware and even lessons on how to use the stolen data for as little as $100. And custom does mean custom—advertisers promise that they can build a virus to attack virtually any app the buyer needs."