Russian hackers stole 1.2 billion internet credentials from major US companies and others around the world in what is likely the biggest data breach ever, security researchers say.
The US firm Hold Security said the gang, which it dubbed "CyberVor", collected confidential user names and passwords stolen from 420,000 websites, ranging from household names to small internet sites.
"As long as your data is somewhere on the World Wide Web, you may be affected by this breach," Hold said. "Your data has not necessarily been stolen from you directly. It could have been stolen from the service or goods providers to whom you entrust your personal information, from your employers, even from your friends and family."
The security firm, which specialises in research on large data breaches, said the cybergang acquired databases of stolen credentials from fellow hackers on the black market, and then installed malware that allowed them to gain access to many websites and social media accounts.
"To the best of our knowledge, they mostly focused on stealing credentials, eventually ending up with the largest cache of stolen personal information, totalling over 1.2 billion unique sets of emails and passwords," the researchers said.
"The CyberVors did not differentiate between small or large sites. They didn't just target large companies; instead, they targeted every site that their victims visited. With hundreds of thousands of sites affected, the list includes many leaders in virtually all industries across the world, as well as a multitude of small or even personal websites."
The researchers dubbed the hacker group CyberVor, using the Russian word "vor," for thief.
The New York Times said the group of hackers based their operation in south central Russia, flanked by Kazakhstan and Mongolia. The newspaper said the group includes fewer than a dozen men in their 20s and that their computer servers are believed to be in Russia.