If a report by Epoch Times citing a darknet security expert is to be believed, a group of Russian hackers is very busy trying to steal user credentials from the websites of as many as 85 prominent businesses in the U.S. The list includes companies like Amazon, Apple Pay, AT&T, Best Buy, eBay, GoDaddy, Match.com, McDonald’s, Paypal, Steam and Uber, to name a few.
The Epoch Times report was based on data provided by a private darknet security company called BlackOps Cyber. Ed Alexander, a security expert with the company, said his organization had intercepted “configuration files being used” by the hackers in their cyberattacks, and that their identities were thought to be Russian based on the language and servers they were using for their online chats.
According to Alexander, it wasn’t clear who the individuals were that made up the group, but they appeared to not be aligned with any government organization. Alexander told Epoch Times that he saw the hackers “capturing card numbers and full identities” — including personal information used to recover forgotten passwords — on sites.
Speaking of Apple Pay in particular, Alexander said: “When I saw this file earlier this week, I took my iPhones off Apple Pay.”
The hackers were seen stealing usernames and passwords from Steam, the popular video gaming platform with about 125 million active users. If their accounts are breached, the virtual items in users’ accounts can be sold for real money.
A security breach at Yahoo, dating back to 2014 and pinned on Russian hackers, led to over 500 million users’ personal information being compromised, the technology company confirmed Thursday. A group called DC Leaks, which U.S. intelligence officials believe is linked to Russia, has been leaking information related to U.S. politicians and their staff, purportedly in a bid to influence the presidential election. On Thursday, it released online an image claimed to be a scanned copy of Michelle Obama’s passport.
Speaking in the context of the Yahoo breach, but something that is applicable in the larger scheme of things too, Kevin Shahbazi, CEO of security solution LogMeOnce, told International Business Times: “End users should immediately update all of their passwords to minimize the ripple effects of this massive cybersecurity breach. Duplicate passwords could cause a huge issue with this type of potential leak. If consumers reuse a single password across accounts, the hackers now have the key to the rest of their accounts which use that duplicate password. Another way that readers can ensure their password security is strong is by utilizing two-factor authentication.”
Earlier this month, Russian hackers broke into the database of the World Anti-Doping Agency and released data on hundreds of athletes, including many from the U.S.
Another group that calls itself Shadow Brokers, also thought to be Russian hackers, made publicly available in August hacking tools that are used by the National Security Agency. An ongoing NSA investigation is looking into whether one or more of its operatives left them on a remote computer by mistake, from where they were stolen.
The stealing of NSA hacking tools has affected multiple U.S. companies, including Cisco, which issued a statement Tuesday saying there was no workaround to address the exposed vulnerabilities.
Correction: An earlier version of this story mentioned the incorrect company for Ed Alexander.