FBI links one of CyberVor's members to an online nickname

Nov 26, 2015 15:25 GMT

Court documents filed by the FBI and seen by Reuters reveal the moniker of a hacker who was behind one of last year's biggest Web heists, stealing over 1.2 billion Web credentials from more than 420,000 websites.

The FBI started an investigation last year when Wisconsin-based firm Hold Security informed the Bureau of a data breach that occurred in August 2014.

CyberVor hacking crew managed to steal 1,200,000,000 Web credentials

Hold Security said that a group of Russian hackers known as CyberVor managed to steal 1.2 billion username and password combos from over 420,000 Web domains, and also gained access to a list of 500 million email addresses.

According to court documents, the FBI linked the identity of one of the hackers to an email address and a nickname he was using online: mr.grey.

The Bureau managed to trace the hacker's activity on various Russian hacking forums back to 2011, when he was selling access to social media accounts for sites like Facebook, Twitter, and VK (a Russian social network).

FBI doesn't seem to have leads on mr.grey's accomplices

The FBI also claims it has evidence that the email address lists the hacker acquired from the Hold Security incident were used to send out unsolicited emails (spam).

The investigation is still underway, and there is no mention of whether the FBI is aware of mr.grey's true identity or location. The court documents, filed in December 2014, provide no details about the hacker's accomplices, the other members of the CyberVor group.

In its official data breach announcement, Hold Security said that CyberVor actually managed to steal over 4.5 billion records. This number was trimmed down to 1.2 billion unique Web credentials after duplicate entries were removed.

If all this stolen data were ever to be leaked online, Hold Security would easily top Have I been pwned?'s Top 10 list of biggest data breaches ever disclosed. Currently, Adobe tops the list with a (leaked) data breach of 152 million records. That's just 12% of Hold Security's 1.2 billion records.