Hold Security, an independent cyber-security company, has detected that Russian-speaking hackers have breached 97 websites, including several similar to dating website Ashley Madison. Login credentials were stolen, potentially putting the privacy of hundreds of thousands of users in jeopardy.
Loads of stolen information was stored in batches on a server discovered by the company's analysts. Alex Holden, Hold Security's founder and CTO said that despite the critical data, the server was open and not password protected.
Holden estimates the breaches on the websites began on 4 July and concluded about a week ago. The data discovered on the server includes an inclusive list of sites along with their software and network vulnerabilities. Notes written in Russian were also found.
Analysts found that a significant number of the websites appeared to have database vulnerabilities. If exploited, these vulnerabilities would have given hackers the ability to access other information stored in the system. The data includes a large list of email addresses and lists of unencrypted passwords from certain sites.
It appears that the hackers do not have a definite plan in deciding what to do with the breached data as of now.
Holden notes that the Russian-speaking hacker group does not appear to be related to Impact Team, notorious for the Ashley Madison breach. No sensitive information was located, unlike in the dating website's case.
At this time, Hold Security has not revealed the full list of breached companies.