Skip to main content

FBI looking for hacker behind theft of 1.2 billion online credentials

A hacker, known only as “mr.grey,” has been linked to the theft of 1.2 billion online credentials by law enforcement officials in the United States.

According to court documents, the FBI was able to link the stolen credentials to the hacker using a Russian email address

Read more: Hacktivism and malware: The security threats we’ll face in 2016

The documents, made public by a federal court last week, reveal that the FBI’s probe into the theft, which would be the largest of its kind, began in December last year. Security firm Hold Security initiated the investigation after it reported that a Russian crime ring, CyberVors, had infiltrated 420,000 websites and stolen 1.2 billion credentials and 500 million email addresses.

After filing a search warrant related to email records, the FBI was able to connect the activities to “mr.grey,” who had previously used a Russian forum to advertise that he could locate account information for users of Facebook, Twitter and Russian social network VK.

Reuters reports that the FBI is not sharing any additional details aside from the court papers, so it is not clear whether the police bureau believe “mr.grey” to be acting alone, as a front for a group of hackers or whether it is simply another name used by CyberVors.

Read more: Fraud prevention firm among the JPMorgan hack victims

Illegally acquiring online credentials has the potential to cause serious damage to victims, subjecting them to spam, phishing attempts and ultimately fraud. It is also an extremely lucrative proposition for hackers, who are able to sell the information for financial gain.