Hackers exploited a stolen credential to gain access to the company's support system
Attackers stole personal data by guessing login credentials
Firm says the threat actor was 'sophisticated' and 'persistent'
Sold stolen logins, cookies, browser fingerprints and other information
Of those, 225 million are new passwords that were not part of the database previously
The BulletProofLink operation runs an online portal, where customers can access services including hosting, templates and email campaigns
Silex attacks any Unix-like system with default login credentials