FBI seeks hacker controlling 1.2 billion stolen logins

The FBI believes a single hacker has hold of 1.2 billion internet logins, and EL James fans be warned, he's known as Mr Grey.

The logins for sites such as Facebook and Twitter were most likely stolen last year by a Russian crime ring dubbed CyberVor, which harvested data from a whopping 420,000 websites using botnets looking for SQL injection vulnerabilities -- the same technique used to target TalkTalk.

That was revealed in August last year by Milwaukee security firm Hold Security, which told journalists at the time that the Russian hackers had hold of 1.2 billion credentials as well as half a billion email addresses.

In its subsequent investigation, the FBI has been tracking one hacker, known as "mr grey" or "mistergrey", according to court documents seen by Reuters.

The search for "mr grey" has turned up an email address in spam-sending tools, as well as posts on a Russian hacking forum offering to get information for users of Facebook, Twitter and VK, a Russian social network. Mr Grey offered to locate the records of such users, which Hold Security told Reuters suggested the hacker had a database or access to one holding the massive pile of stolen data.

The FBI documents reveal investigators have also uncovered domain names and utilities for sending spam, suggesting the hacker is harvesting the data to send spam as well as selling it on to others via forums.

It's unclear if Mr Grey is one person acting alone or on behalf of other hackers, or merely the name used by CyberVor to sell from its collection, as the FBI isn't sharing any details beyond what Reuters dug out of the court filings.

The amassed data was thought to be the largest collection of stolen credentials authorities have yet noticed, and included passwords, usernames and more for individuals, small businesses and even Fortune 500 companies, according to Hold Security last year.

However, it wouldn't only be Mr Grey seeking to profit from the dodgy database: Hold Security was criticised for withholding details of who was hacked and charging up to $120 to reveal to companies if they were on the list.

This article was originally published by WIRED UK