Caribbean Fever - Your ONLY destination to all things Caribbean and more
Hackers have stolen 26 million user logins for tech giants including Amazon, Apple, Facebook as well as vital payment information in the latest online security breach.
The malware hack, exposed by cybersecurity provider NordLocker, also saw payment details nabbed from 3.25 million computers that run Windows software. It was uncovered after researchers discovered a 1.2 terabyte database filled with stolen personal information.
The other firms whose accounts were targeted include eBay, Instagram, Netflix, Paypal, Roblox, Steam, Twitch and Twitter. It saw victims computers' infected by opening emails, or downloading bootleg software, and enabled the malware to take screenshots of their browsing activity - including private login details.
According to a report released by NordLocker on Wednesday, an unidentified, Trojan-type malware stole the files, including 26 million login credentials, between 2018 and 2020. It saw victims' webcams taken over by the malware, which then took screenshots as people used their computers to reveal personal information.
It remains unclear if any of that data was then used to scam or defraud its rightful owners. People who fear they may have been targeted can visit the website haveibeenpwned and insert their details to find out.
The news comes amid a spike in cybersecurity and ransomware attacks affecting major American companies - one that crippled a key pipeline along the East Coast, affecting gasoline supplies and leading to shortages at filling stations. Another shut down beef plants of the world's largest meat producer.
As for NordLocker and the huge cache of stolen data it found, the company said: ‘We want to make it clear: we did not purchase this database nor would we condone other parties doing it. A hacker group revealed the database location accidentally.’
An unidentified, Trojan-type malware stole 1.2 terabytes of personal information from 3.25 million Windows-based computers, between 2018 and 2020
The mystery malware that stole information from from over three million PCs has not been identified and its reasons for existing are unknown.
NordLocker found that the malware was transmitted through email and illegal software, including bootlegged versions of Adobe Photoshop 2018 and a number of computer games.
The stolen data includes 26 million sets of login credentials for common online services, including Amazon, Apple,
The database also contains 2 billion session cookies, or online footprints that hackers use to view their targets behaviors and habits on their computer.
Lastly, it contains 6.6 million desktop files, including 1 million images and 650,000 Word and .pdf files.
Nordlocker explained that, after infecting its host computers, the malware took screenshots using their webcams and assigned unique IDs to each set of stolen data to sort it according to where it came from.
Security experts said people could check the 'have i been pwned?', which is play on words of 'owned' to see whether their data might have been compromised. The site compiles data breach information.
On Wednesday, the same day Nordlocker released its study, it was revealed that beef supplier JBS paid an $11 million ransom in Bitcoin to hackers who compromised its systems, forcing them to shut down multiple meat processing plants.
Meanwhile, U.S. officials said this week the Department of Justice would now investigate cyberattacks on the same level as terrorism.
JBS, which supplies 20 per cent of all beef and pork in the US, received a demand from 'a criminal organization likely based in Russia' following the attack that has affected its operations in Australia and North America, White House spokeswoman Karine Jean-Pierre said.
Andre Nogueira, the CEO for the Brazilian company's United States division, told The Wall Street Journal in an interview that the payment was made after most JBS plants were already up and running again as 'insurance to protect our customers.'
Regarding the hack, JBS wrote: 'The FBI stated this is one of the most specialized and sophisticated cybercriminal groups in the world.'
The meat supplier claimed that it was able 'to quickly resolve the issues' because of the company's cybersecurity protocols, redundant systems and encrypted backup servers. JBS spends more than $200 million annually on information technology and employs more than 850 IT professionals globally, according to the release.