The Russian hacking ring is said to have 1.2 billion stolen usernames and passwords, including access to 500 million email addresses.
The discovery was made by Hold Security, a Milwaukee, Wisc. firm specializing in Internet security. According to Hold Security, the stolen information was gathered from over 420,000 websites. Hold Security would not name the victims.
"Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites," Alex Holden, the founder and chief information security officer of Hold Security, told the New York Times. "And most of these sites are still vulnerable."
According to Hold Security, the data collected by the Russian ring has not been sold. Instead, they are using the information to spam social networks on behalf of other groups for a fee.