FBI seeks hacker after 1.2 billion logins are stolen Published duration 25 November 2015

image copyright Thinkstock image caption The hacker had advertised Facebook and Twitter logins for sale

The FBI has linked a hacker to the theft of 1.2 billion internet credentials - the largest heist of its kind.

A hacker known as "mr.grey" is named in court documents filed by the bureau last year, according to the Reuters news agency.

The hacker was linked to the stolen logins via a Russian email address.

Previously, "mr.grey" had advertised the credentials to Facebook and Twitter accounts for sale online.

It was the American cyber security firm Hold Security that initially reported the theft of the credentials and an additional 500 million email addresses last year.

The Russian crime ring responsible for stealing the data - dubbed CyberVor - had breached more than 420,000 websites, according to Hold Security.

In August, the firm said, "To the best of our knowledge, they mostly focused on stealing credentials, eventually ending up with the largest cache of stolen personal information, totalling over 1.2 billion unique sets of e-mails and passwords."

Hold Security then began marketing a "breach notification service" to users concerned that their details had been affected, for $120 (£71) per month.

Botnet breach

Whatever the identity of the perpetrator behind the CyberVor breach, the method used was something of a departure from how botnets - large networks of computers linked together maliciously - are usually used, according to Dave Palmer, director of technology at security firm Darktrace.

"What's interesting about this is botnets are usually used to harness their massive scale to attack an individual target - like taking computer games consoles down last Christmas for example," he told the BBC.

"It's instead been used as a massive scanner scanning websites all around the world for weaknesses."

Mr Palmer added that the vulnerabilities which allowed computers to be drafted into such botnets as well as the flaws in websites which meant login details could be hacked were preventable.

"We're still getting caught out by these attacks," he said.