A Russian crime syndicate holds a massive collection of stolen online credentials, including 1.2 billion user names with their corresponding passwords and 500 million email addresses, reports say.
The collection is the largest one in the world, which also includes confidential information extracted from 420,000 websites.
The records were discovered by Milwaukee-based Hold Security, which has uncovered significant security breaches such as the Adobe Systems hack last year, where tens of millions of records were stolen from the company.
Hold Security is not revealing the names of the victims of the Russian crime syndicate, as part of the company's nondisclosure agreements and the decision to withhold revealing websites that remain vulnerable to hack attacks.
"Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites," Hold Security's chief information security officer and founder Alex Holden said. "And most of these sites are still vulnerable."
Holden revealed the details of the collection to the public this week so that it can be discussed at an industry conference, in addition to informing small websites that Holden may not have time to contact that they should investigate the security breach.
A security expert that was requested by The New York Times to investigate the collection confirmed the authenticity of the stolen online credentials. Another online crime expert said that some big companies know that their online records were included in the stolen data.
Preventing hackers from stealing personal information that can be extracted online is increasingly becoming more difficult. It was reported last December that hackers in Eastern Europe were able to steal millions of credit card and debit card numbers from retail giant Target. The information stolen by the hackers is referred to as "track data," which would allow them to create counterfeit credit cards and debit cards by encoding the hacked information onto the magnetic stripe of any other card.
Due to the attack, Target lost $450 million, leading to a 46 percent decline in their fourth quarter earnings last year.
The massive collection of a Russian crime syndicate, however, is a much bigger issue than the one that Target faced, as the collection includes information from both individuals and corporations.
Hold Security's discovery is prompting online security experts from all over the world to call for improved protection for online information to be able to counter the growing threat of data breaches.