Enterprise VPN Provider Citrix, Hacked; 6TB of Sensitive Data Stolen

Enterprise VPN provider Citrix was subjected to a hack which is suspected to have resulted in the theft of private data pertaining to the company’s technology.

On Friday, Citrix said that the FBI had informed them about "international cyber criminals" working their way into the organization’s networks.

They were further told that the criminals most probably resorted to the technique of “password spraying” to break into the company’s networks. They did so by correctly guessing the password to an account which belongs to the company.

The hackers involved are reported to be part of an Iranian hacking group which has attacked over 200 companies, along with multiple government agencies, technology firms, and oil and gas companies.

According to a blog post by Resecurity, the cybersecurity firm contacted Citrix in an attempt to warn them about the hack which was on the way.

While refraining from disclosing the source from which the firm learned of the hack, it said that it "has shared the acquired intelligence with law enforcement and partners for mitigation."

While the FBI declined to comment on the matter, Resecurity drew a connection between the hackers and a nation state, "due to strong targeting on government, military-industrial complex, energy companies, financial institutions and large enterprises involved in critical areas of economy."

Citrix said business documents may have been accessed and downloaded by the attackers, and stated in a notice, "The specific documents that may have been accessed, however, are currently unknown."

"Citrix has taken action to contain this incident. We commenced a forensic investigation; engaged a leading cybersecurity firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI," the company added in the notice.
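The password spraying mentioned above leaves a recognisable trace in authentication logs: one source failing once or twice against many different accounts, as opposed to many failures against a single account. The detection sketch below is an added example, not part of the original report and not Citrix's or the FBI's tooling; the log format, thresholds, account names and addresses are all constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): timestamp, source IP, account, outcome.
SAMPLE_LOG = """\
2019-03-01T09:00:05Z 203.0.113.7 alice FAIL
2019-03-01T09:00:41Z 198.51.100.23 admin FAIL
2019-03-01T09:01:10Z 203.0.113.7 bob FAIL
2019-03-01T09:01:12Z 198.51.100.23 admin FAIL
2019-03-01T09:02:30Z 203.0.113.7 carol FAIL
2019-03-01T09:02:44Z 198.51.100.23 admin FAIL
2019-03-01T09:03:02Z 192.0.2.10 grace FAIL
2019-03-01T09:03:20Z 192.0.2.10 grace OK
2019-03-01T09:04:15Z 203.0.113.7 dave FAIL
2019-03-01T09:05:50Z 203.0.113.7 erin FAIL
2019-03-01T09:06:01Z 198.51.100.23 admin FAIL
2019-03-01T09:07:33Z 203.0.113.7 frank OK
"""


def parse_events(text):
    """Turn log lines into (time, source, account, outcome) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole run
        ts, source, account, outcome = parts
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        events.append((when, source, account, outcome))
    return sorted(events)


def detect_spraying(events, window=timedelta(minutes=30),
                    min_accounts=5, max_per_account=2):
    """Flag sources that fail against many accounts, a few tries each, in one window.

    A brute-force run against one account has a single distinct account and is
    not flagged here; a user mistyping their own password is not flagged either.
    """
    by_source = defaultdict(list)
    for event in events:
        by_source[event[1]].append(event)

    findings = []
    for source, evs in by_source.items():
        for i, first in enumerate(evs):
            start = first[0]
            in_window = [e for e in evs[i:] if e[0] - start <= window]
            fails = Counter(e[2] for e in in_window if e[3] == "FAIL")
            if len(fails) >= min_accounts and max(fails.values()) <= max_per_account:
                # A success from the spraying source is the account to triage first.
                hits = sorted({e[2] for e in in_window if e[3] == "OK"})
                findings.append({"source": source,
                                 "targeted": sorted(fails),
                                 "succeeded": hits})
                break  # one finding per source is enough for triage
    return findings


if __name__ == "__main__":
    for finding in detect_spraying(parse_events(SAMPLE_LOG)):
        print(finding)
```

In practice the thresholds need tuning per environment, and spraying spread across many source addresses has to be grouped on another key, such as time bucket or user agent.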

Anonymous Threat Group Compromised 1 Million Web Pages of Popular Brands like Coca-Cola and McDonald’s

Around 1 million Israel-based webpages owned by renowned brands like McDonald’s and Coca-Cola have been compromised by an anonymous group of hackers, who notably breached the websites that leading brands run for Israeli users under the ‘co.il’ address, such as Cocacola.co.il and McDonalds.co.il.

The hacker group used a third-party accessibility plug-in known as ‘nagich.co.il’, which loaded infected JavaScript code that compromised the websites and helped the threat actors exploit and corrupt a million web pages.

A critical vulnerability existed in Nagich, a page accessibility plug-in for disabled users; it permitted access to more than 1 million Israel-based webpages and primarily assisted the attackers in corrupting them.

Besides the websites of renowned brands such as Coca-Cola, McDonald’s and Toys"R"Us, other popular websites, namely Ynet and Calcalist, also fell prey to this breach. Reportedly, the attackers corrupted these websites and displayed political messages.

The Nagich website is not a usual site; it hosts an accessibility plug-in, a JavaScript file which runs on any website that opts for this service and provides it with a multitude of options.

Given the necessary permissions, the plug-in can run code on the website, which means it can make any changes to the site and do whatever it wants. Hackers exploited the severe vulnerability to replace the embedded code with malicious code, with the motive of corrupting webpages.

Due to the delay in taking remedial measures to patch the vulnerability, Nagich officials in a way let hackers compromise hundreds of webpages.

The Kremlin reports hacker attacks on the website of the President of Russia

Foreign hackers are constantly attacking the website of Russian President Vladimir Putin. Intelligence agencies record a large number of attacks from Europe and the United States, said the Kremlin.

As the Press Secretary of the Russian leader, Dmitry Peskov, noted, Western countries like to talk about "Russian hackers", but foreign partners themselves are waging an information war against Russia.

"A huge number of cyber attacks on Russian organizations, individuals and legal entities are constantly organized from the territory of the United States," he said.

According to him, hackers from Europe and North America regularly attempt hacks. He noted that a new draft law on the autonomous RuNet is aimed at countering this.

The draft law on the autonomous operation of the Russian Internet segment in case it is disconnected from the global network infrastructure was submitted to the State Duma on December 14, 2018. The document is aimed at protecting the stable operation of the Internet in Russia in case of external threats. The bill defines the necessary traffic routing rules and organizes control over compliance with them.

Attacks on US Companies by Chinese and Iranian Hackers Renewed

As a result of Trump pulling the U.S. out of the Iran nuclear deal last year and the trade disputes between the U.S. and China, Iranian and Chinese hackers heavily attacked corporations and government agencies in the United States. Security experts are of the opinion that these hackers have been fuelled by the conflicts of the past.

According to seven people briefed on the incidents, the recent attacks, which targeted multiple US corporations, government agencies, American banks, and various businesses, were more brutal than those carried out in the past. These people were not permitted to publicly discuss the details.

Analysts and security researchers at the National Security Agency traced the attacks to Iran. Meanwhile, FireEye, a privately owned security firm, instigated an emergency order by the Department of Homeland Security when the government shutdown took place last month.

Reportedly, these Iranian attacks occurred simultaneously with a renewed Chinese offensive geared to steal sensitive military and trade data from U.S. tech companies and military contractors.

Commenting on the matter, Joel Brenner, a former leader of United States counterintelligence under the director of national intelligence, said, “Cyber is one of the ways adversaries can attack us and retaliate in effective and nasty ways that are well below the threshold of an armed attack or laws of war.”

Ukrainian man stole half a million from crypto-wallets

A man who stole 500 000 UAH (18 350 USD) from the crypto-wallets of clients of an online cryptocurrency exchange was detained in the Kiev region.

The Ukrainian cyber police stated that the 35-year-old man provided technical support to a British stock exchange with an online cryptocurrency exchange and had access to the personal data of customers. He used this data to steal from Bitcoin and various altcoin accounts. In this way, he stole 500 000 UAH over several months.

The theft of cryptocurrency occurred in several stages. At first, the attacker looked for accounts of clients who had not opened their accounts for a long time and did not have a complex authentication system.

After that, the Ukrainian replaced the backup e-mail addresses, or added them to accounts where none were specified. In this way, he recovered the passwords to the wallets and initiated the debiting of electronic money.

Conversion and withdrawal of money took place through an online exchange.

At the moment the amount of damage is 720 000 UAH (26 400 USD). The attacker spent the funds he received on gambling on virtual simulators of slot machines.

Group "Lurk", which claims to have hacked into Hillary Clinton's emails, was also hacking into LDPR members' accounts

Konstantin Kozlovsky, 30 years old, one of the leaders of the Russian hacking group called "Lurk", who claimed to have hacked into Hillary Clinton's emails, is also said to have stolen money from several prominent members of the Liberal Democratic Party of Russia (LDPR), according to the local media outlet znak.com.

According to the documents given by one of the defense lawyers, the group stole 4 million RUB (4.3 million INR) from Vladimir Zhirinovsky, 99 million RUB (107 million INR) from Igor Lebedev (son of Vladimir Zhirinovsky), and 1.7 million EUR (135 million INR) from Vadim Dengin.

The group was detained by the FSB in June 2016, accused of performing cyber attacks on Russian banks and stealing about 3 billion RUB (3.2 billion INR).

In 2017, Kozlovsky took responsibility for hacking into Hillary Clinton's email accounts, the servers of the National Committee of the Democratic Party of the United States and military enterprises of the United States.

He claimed that he was recruited by the FSB in 2008 and carried out various cyber attacks for a long time. He also mentioned that his supervisor was FSB major Dmitry Dokuchaev.

"At the end of December 2017, the media reported that Dokuchaev, as well as a number of FSB officers, including former head of the second directorate of the FSB Information Security Center, Sergei Mikhailov, themselves fell under investigation in connection with the leakage of information about hacker hacking of the US Democratic Party servers," the local media reports.

However, representatives of the Ural divisions of the FSB expressed confidence that all the statements on behalf of Kozlovsky are nothing more than an "attempt to draw attention to his criminal case" and, possibly, to ask for political asylum later.

Hackers threaten to disrupt Moscow Domodedovo Airport navigation system unless they are paid a Bitcoin ransom

Unknown hackers are demanding several hundred Bitcoins from the administration of the Airport "Domodedovo" (Moscow International Airport); otherwise, they say, they will interfere with the navigation systems of the Airport.

According to the Airport staff, the attackers sent a threatening e-mail to the Domodedovo Contact Center. They said they would interrupt the functioning of the Airport's navigation equipment this weekend, on July 28-29.

The hackers have claimed that they have the technical capabilities to do it.

Should people be worried about this? Vladimir Ulyanov, Head of the Analytical Center "Zecurion", believes that if cyber criminals have an accomplice inside the Airport "Domodedovo", then there are reasons to be concerned.

But a person who is sitting in another country or inside the country can't simply hack into these systems via the Internet, says Ulyanov.

"In this case, threats were sent to some common box. If we are talking about serious attacks, then in this case the letter would most likely have come to the person who is responsible for information security or can make a decision that he is ready to pay ransom," local media quote Ulyanov as saying.

The Airport administration has tightened security measures at terminals and at airfields.

Domodedovo Safety Officials confirmed reports of an anonymous threatening e-mail and stressed that the functioning of the Airport "Domodedovo" is not under threat.

- Christina

Elliot Alderson (FSociety) hacks BSNL

Elliot Alderson has sent information about vulnerabilities he found in BSNL. He released this from his Twitter handle "fs0c131y".

It looks like he has found multiple vulnerabilities such as SQL injection, ransomware attacks on two servers and broken authentication. He claims some of these vulnerabilities were reported by another hacker in India 2 years back and BSNL did not respond.

It is unclear if this hacker passed on some of the vulnerabilities to "Elliot Alderson".

According to the hacker, "You will find multiple issues with different level of severity. All these issues have been reported to BSNL via Twitter. I discussed with @BSNLCorporate and a member of their IT team. They acknowledged the issues and fixed them".

It is very interesting to note that BSNL has talked to the hacker, worked on the issues and patched, fixed or taken down some of these sites. Most of the vulnerabilities have been addressed. Contrary to the claims, BSNL's action has been proactive.

The same hacker had earlier identified vulnerabilities in multiple websites such as Indian Express, Aadhaar, Punjab Police and Bangalore Police.

It is unclear if law enforcement agencies have registered cases to pursue the hackers.

"Law enforcement agencies can take action if the affected parties register complaint", says a senior law enforcement officer.

According to a Mumbai-based IT security company, "We believe the intrusions are from hackers in India (who may have used VPN and Tor) to hide their identity. If the hackers only wanted to expose vulnerabilities, they should work with penetration testing company who are CERT-In empaneled. They will earn out of this exercise".

Another IT security company, which has worked for close to 20 years in information security, says, "This is work of a script kiddie. BSNL security was like 0/10 and this guy's skill is 1/10."

Website of Chelyabinsk court hit by data-encrypting malware

Attackers hacked into the website of the Arbitration Court of Chelyabinsk (a federal subject of Russia, on the border of Europe and Asia) and infected the server with data-encrypting malware.

The malware encrypted the information and files on the server. This incident took place on 4th October. By 10th October, the experts had managed to restore the website from a previously saved backup.

However, the court lost all the information that was published on its website for this year, as the last backup operation was done only in January. The online resources, including news, charts, videos of conferences, and information about bureau and judicial appointments, were irretrievably lost.

According to the local report, the court is still trying to recover the information using its own sources. There is no detailed information about the malware variant used in the attack.

- Christina

Hackers deface the website of the Ministry of Justice of Uzbekistan

On November 20, the websites of some organizations, including government websites, were affected by a cyber attack.

A hacker from Bangladesh who goes by the online handle "Skidie KhaN", a member of the hacking group called "Cyber Command0s (#Team_CC)", modified the main page of the website of the Ministry of Justice. According to the local report, the defacement message said that the website was hacked by the hacker "Skidie KhaN".

In addition, the websites of the Ministry of Internal Affairs, the Ministry of Defense, the Attorney General's office and the Ministry of the Economy were also under cyber attack.

The Information Security Center of Uzbekistan declined to comment on the situation.

The consequences of the cyber attacks on the websites of several government agencies of Uzbekistan are said to have been eliminated. The government is currently working on finding the causes and a method to thwart future cyber attacks.

In September, the attacker hacked into many government websites of Myanmar.

- Christina


Kazakhstan Banks hit by massive DDoS attack

According to local media, several banks in the country have faced massive DDoS (Distributed Denial of Service) attacks over the past few days.

The attack traffic came from several countries at the same time. As a result, bank websites were unavailable for a certain time. One of the affected banks is HomeBank.

"The bank's specialists recorded yesterday a large-scale DDoS attack in the form of false requests simultaneously from a huge number of IP addresses that block the operation of the portal," HomeBank posted on Qazkom's Facebook page.

"To ensure the protection of the site and your accounts, the bank's specialists take the necessary technical measures to neutralize the actions of hackers, therefore we apologize if there will be delays in conducting operations or the site will be temporarily unavailable." The bank apologized for the inconvenience.

Kaspi Bank said that its servers and services are not affected by the attack. The bank said it is actively monitoring and working to prevent such attacks. Other banks, including HalykBank and People's Bank, also claimed that their servers are not affected by this attack.

Just a few days ago, the Committee of National Security of the Republic of Kazakhstan stated that banks hide information about hacker attacks to maintain their reputation. In 2017, six banks suffered a phishing attack, and only one of them asked KNB to help.

- Christina

Ministry of External Affairs thanks hacker for inputs on vulnerabilities

Kapustkiy, the hacker who hacked into 7 Indian embassies and also hacked into the Indian embassy in New York, wrote to E Hacking News. In an exclusive email he says he was in for a surprise when a senior Indian government official sent him an email.

Kapustkiy claims, "They have started to fix everything one by one, and thanks all media for the support". He claims he had no malicious intent and only wanted to show that these vulnerabilities existed. He resorted to posting on Pastebin only because the embassy officials did not respond to him.

Kapustkiy sent E Hacking News a screenshot of the email he received from the joint secretary in the MEA. The senior MEA official appreciated Kapustkiy's efforts to bring forth the vulnerabilities. He requested the hacker not to post further hacks on Pastebin.

Kapustkiy was pleasantly surprised by this email from the Ministry of External Affairs.

"Corporate India should learn from this incident, how Government of India has responded to such an incident where they appreciate the hacker and take steps to fix the vulnerabilities. Most Indian corporates cover up security breaches in India, maybe they should take a page from the Indian Government," says J Prasanna, Director, Cyber Security and Privacy Foundation Pte Ltd.

Seven websites of Indian Embassy hacked, database leaked

Seven domains of Indian embassies in Europe and Africa have been hacked and their data published by Kapustkiy & Kasimierz L on Pastebin.com (http://pastebin.com/GqJcwSSc).

The countries where Indian embassies were affected are South Africa, Libya, Italy, Switzerland, Malawi, Mali and Romania.

The Indian Embassy in South Africa (http://www.hcisouthafrica.in/) was the first one to be hacked. The hackers published the admin login details and password; they also published the whole database containing names, passport numbers, email IDs and phone numbers. The published data contains 161 entries, and the database contains 22 tables.

The Indian Embassy in Bern (http://indembassybern.ch/) was the second target; it contains 3 databases with 19 tables and a total of 35 entries, and login details with passwords. The compromised data includes the name, last name, email ID, address, college, and the course in which students are enrolled.

The third country that was affected is Italy. The hackers hacked three databases with 149 entries, including names, email IDs, telephone numbers, and passport numbers. Here, too, those affected are students.

In Libya, the Indian embassy's three databases were hacked, with 24 tables and 305 entries. The High Commission in Mali was the least affected by this hack, with 14 entries and 16 tables.

The hacked database of the Indian Embassy in Malawi contains 74 entries with 16 entries, including names, email IDs, and mothers' names. The embassy in Romania saw the hack of two databases, with 139 entries and 42 entries respectively, with passport numbers.

When E Hacking News contacted the hacker, he clarified that "I am from Netherlands. I've found several SQL on their website and I reported it. But they ignored me so I dumped their db" - says the hacker by email.

27 million Mate1.com accounts hacked and sold

If you have an account on the online dating website Mate1.com, then there is a very high probability that your account has been hacked.

A hacker has claimed to have accessed the account usernames, passwords and email addresses of 27 million people by posting on Hell.

According to Motherboard Vice, which first reported the hack, the hacker obtained the account details of over 27 million users and sold them to someone else through a deal brokered on the Hell forum.

The hacker told Motherboard Vice that he managed to compromise the Mate1.com server, used command access to look at the MySQL database, and then downloaded parts of it.

He further said that the online dating website has a security flaw which allows users to log onto the website without verifying their email address to complete the sign-up process, which means that you just have to go to the website and create your account with an email address that belongs to you or to someone else.

The hacker reveals that Mate1 does not use any encryption technique to store passwords, so don't worry if you have forgotten your password: it will be sent to the corresponding email in plain text.

It is not clear how much the hacker eventually sold the data for, although he was offering it 

Hackers hold a Hollywood hospital for ransom

A hacker who has attacked the computers of Hollywood Presbyterian Medical Center is demanding a ransom of 9,000 bitcoins to remove the ransomware which has been holding the hospital’s computers hostage for a week and is preventing the staff from accessing essential data like patient files and test results.

The issue came to the forefront when the hospital’s President and CEO, Allen Stefanek, told NBC Los Angeles that the hospital’s computer network had been suffering from IT issues since February 05, which is posing a big problem in day-to-day activities, and that the hospital has been forced to turn away new patients.

The staff is using fax machines and telephones to communicate between different departments as they do not have access to email. Doctors are also unable to access patients’ information, including past medical records, newly admitted records and medical test results.

Registrations and medical records are being logged on paper and staff have been instructed to leave their systems offline until told otherwise.

The malware has resulted in chaos within the hospital, as some outpatients are missing out on their treatments while new patients are being transferred to other hospitals.

Though no patient information has been compromised, the hospital has handed the matter to the Los Angeles Police Department (LAPD) and the Federal Bureau of Investigation (FBI) to trace the identity of the attackers so that the hospital does not lose out more.

In earlier attacks on hospitals, the hackers generally focused on stealing personal data, but in this case nothing of the sort happened and the attack looks more like an attempt to extract a big payout.

A bitcoin presently costs about $397.07 USD, making the ransom demand worth about $3,573,630 USD.
It has not been made clear whether the hospital plans to pay the ransom if a solution to the attack isn’t found.

Critical data needs to be stored in a tape backup, as these sorts of attacks are becoming more common every day.

Flaw in Westermo Industrial Switches puts customer devices at risk

The U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) revealed last week that Westermo industrial Ethernet switches use Secure Sockets Layer (SSL) private keys which are hardcoded and shared across devices.

The Sweden-based company Westermo is a supplier of high-quality data communications equipment designed for harsh industrial applications. The firm’s solutions are used across the world in sectors such as transport, water, energy supplies, mining and petrochemicals.

ICS-CERT found that the shared SSL keys can be used by malicious actors to intercept and decrypt communications via a man-in-the-middle (MitM) attack and to leverage the information to gain unauthorized access to a vulnerable device.

Even an attacker with low skill can exploit this flaw if they manage to launch a successful MitM attack on devices running versions 4.18 and earlier of WeOS, the operating system that powers Westermo’s hardware platforms.

The attack can affect Falcon, Wolverine, Lynx, Viper and RedFox.

The company is working on fixing the flaw by adding an automated function for changing the key, which will be included in WeOS 4.19, but for now the vendor has released an update that allows users to change the problematic certificate in the web interface of the affected devices.

Meanwhile, users have been advised to update WeOS to the latest version and upload a custom certificate by following the instructions.

The affected company has also warned its customers to avoid self-signed certificates and to either completely disable web access to the devices or limit access to secure networks.
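After replacing the certificate as advised above, an operator can verify the result by comparing the certificates the switches actually present: devices that still share one fingerprint are still on a common key pair. The audit sketch below is an added example, not Westermo or ICS-CERT tooling; the device names and certificate bytes are constructed placeholders, and it assumes that devices sharing the hardcoded key also present an identical certificate.

```python
import hashlib
import ssl
from collections import defaultdict

# Constructed placeholder bytes standing in for DER certificates (not real certs).
FACTORY_DER = b"constructed-factory-default-certificate"
CONSTRUCTED_FLEET = {
    "lynx-pump-01": FACTORY_DER,
    "redfox-sub-02": FACTORY_DER,
    "viper-train-03": b"constructed-custom-certificate-A",
    "falcon-gw-04": FACTORY_DER,
}


def fetch_cert_der(host, port=443):
    """Fetch the certificate a device presents, without validating it (audit use)."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


def fingerprint(cert_der):
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(cert_der).hexdigest()


def audit_fleet(certs_by_device, factory_fingerprints=frozenset()):
    """Group devices by certificate fingerprint.

    Returns (shared, on_factory): `shared` maps each fingerprint seen on more
    than one device to those devices; `on_factory` lists devices whose
    certificate matches a known factory-default fingerprint.
    """
    groups = defaultdict(list)
    for device, der in certs_by_device.items():
        groups[fingerprint(der)].append(device)
    shared = {fp: sorted(devs) for fp, devs in groups.items() if len(devs) > 1}
    on_factory = sorted(
        dev for fp, devs in groups.items() if fp in factory_fingerprints for dev in devs
    )
    return shared, on_factory


if __name__ == "__main__":
    shared, on_factory = audit_fleet(CONSTRUCTED_FLEET, {fingerprint(FACTORY_DER)})
    for fp, devices in shared.items():
        print("shared certificate", fp[:16], "on", ", ".join(devices))
    print("still on factory certificate:", on_factory)
```

For a live audit, build the input with `fetch_cert_der` from the management network; a certificate reissued over the same key pair would need a comparison of public keys rather than whole certificates.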

FireEye Patches Critical Flaw Found by Google Researchers

FireEye has rushed to patch a serious vulnerability identified in its products by researchers at Google’s Project Zero.

Project Zero researchers Tavis Ormandy and Natalie Silvanovich announced on Friday evening that they had developed a reliable exploit for a remote code execution (RCE) vulnerability affecting FireEye’s Malware Protection System (MPS). The experts haven’t provided any technical details, but Ormandy noted on Twitter that the bug likely affected “every version ever shipped.”

FireEye told SecurityWeek that the RCE vulnerability affected the company’s Network Security (NX), Email Security (EX), Malware Analysis (AX), and File Content Security (FX) products.

“FireEye had been engaged with and was supporting the Google Project Zero team prior to this discovery around the testing of our products. Due to the severity of the vulnerability discovered, we released an automated remediation to customers just 6 hours after notification, mitigating any customer exposure by Saturday morning,” FireEye spokesman Kyrksen Storer said in an emailed statement.

“We are thankful for the opportunity to support the Google team in this process, will continue to support their efforts, and fully support the broader security research community’s efforts to test and improve our products,” Storer added.

This was not the first time researchers reported finding vulnerabilities in FireEye products. In September, FireEye patched several vulnerabilities discovered by Kristian Erik Hermansen and Ron Perris. Hermansen disclosed the details of a flaw before the security firm could release a fix, claiming that he had reported the issue 18 months prior to its public disclosure.

In September, FireEye also resolved five vulnerabilities reported by German security firm ERNW. The issues – which included command injection, code execution, privilege escalation and memory corruption vulnerabilities – affected NX, EX, AX, FX, HX (Endpoint Security) and CM (Central Management) products.

FireEye’s support site currently lists nearly a dozen advisories describing vulnerabilities affecting the company’s products. The list does not include an advisory for the latest flaw reported by Ormandy.

FireEye is not the only security company whose products have been analyzed by the Google researcher. In September, Ormandy reported serious vulnerabilities in products from Kaspersky Lab.

source: Security Week

Data hacked at UK pub chain JD Wetherspoon

The latest firm to be hit by a cyber attack is UK pub chain JD Wetherspoon. The website of JD Wetherspoon, one of Britain’s biggest pub companies, has been hacked, leading to a breach of its customers’ personal details.

The cyber attack leaked the names, email addresses and birthdates of 650,000 customers as well as the card details of 100 others.

The company statement said: “These credit or debit card details cannot be used on their own for fraudulent purposes, because the first 12 digits and the security number on the reverse of the card were not stored on the database.”

Wetherspoon, however, said that the breach occurred in June but has only just been discovered.
The company has alerted customers by email and informed the Information Commissioner’s Office in the UK.

In a letter to its customers, Chief Executive John Hutson said that the company has taken all the necessary measures to make the website secure again. A forensic investigation into the breach is continuing.

The customers have been recommended to remain vigilant for any unexpected emails asking for their personal information as well as messages requesting them to click on links or download files.

Hutson added, "We apologize wholeheartedly to customers and staff who have been affected. Unfortunately, hacking is becoming more and more sophisticated and widespread. We are determined to respond to this by increasing our efforts and investment in security and will be doing everything possible to prevent a recurrence.”

Vtech hacked, customers’ information accessed by intruders

Either hackers find it easy to hack kids’ toys, or they like such toys so much that they have been targeting them now and then.

Recently, the app store database of VTech, a Hong Kong-based global supplier of electronic learning products from infancy to preschool and the world's largest manufacturer of cordless phones, was hacked through “unauthorized access”.

Customers can download games, e-books and other content onto their VTech devices from that app store.

The company made it public on November 27 via a post that the names, home and email addresses, security questions and answers and other information of millions of families had been breached from the top toymaker's database on 14 November.

“An unauthorized party accessed VTech customer data housed on our Learning Lodge app store database on November 14, 2015 HKT. Learning Lodge allows our customers to download apps, learning games, e-books and other educational content to their VTech products,” the firm wrote in the post.

However, the firm has not provided the exact number of victims of the hack.

After discovering the unauthorized access, the company started an investigation, which involved a comprehensive check of the affected site and implementation of measures to defend against further attacks.

“Our customer database contains general user profile information including name, email address, encrypted password, secret question and answer for password retrieval, IP address, mailing address and download history,” it added.

The company has clarified that the database does not contain any credit card information of the customers.

“VTech does not process nor store any customer credit card data on the Learning Lodge website. To complete the payment or check-out process of any downloads made on the Learning Lodge website, our customers are directed to a secure, third party payment gateway,” the post read.

Furthermore, the customer database does not contain any personal identification data (such as ID card numbers, Social Security numbers or driving license numbers).

The investigation is still going on. The firm is looking for additional ways to strengthen Learning Lodge database security. 

Mr. Grey back again: Theft of 1.2 billion log-in credentials

Mr. Grey, not again! A Reuters report has confirmed the famous hacker Mr. Grey’s involvement in stealing 1.2 billion internet credentials.

Mr. Grey, who had got access to user account information for websites like Facebook (FB.O) and Twitter (TWTR.N), has now been linked by the FBI, through a Russian email address, to the theft of a record 1.2 billion Internet credentials.

According to the documents, which were made public by a federal court in Milwaukee, Wisconsin, the hacker was associated with a cybersecurity firm that announced in August 2014 that it had determined an alleged Russian crime ring was responsible for stealing information from more than 420,000 websites.

The investigation started last year when a Milwaukee-based cybersecurity firm obtained information that a Russian hacker group it dubbed CyberVor had stolen the 1.2 billion credentials and more than 500 million email addresses.

After that, the FBI found lists of domain names and utilities that investigators believe were used to send spam.

It also discovered an email address registered in 2010 contained in the spam utilities for a "mistergrey".

Further, it found posts from 2011 by the hacker stating that if anyone wanted account information for users of Facebook, Twitter and the Russia-based social network VK, he could locate the records.

Alex Holden, Hold Security's chief information security officer, told Reuters this message indicated Mr. Grey likely operated or had access to a database that amassed stolen data from computers via malware and viruses.