Noted computer safety firm Hold Security has uncovered a massive database, compiled by Russian hackers, containing over 1.2 billion username and password combinations and over 500 million email addresses stolen from more than 420,000 website of various types, The New York Times is reporting.
“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” Hold Security Chief Information Security Officer Alex Holden told the Times. “And most of these sites are still vulnerable.”
Hold Security has declined to name specific sites as those compromised.
The Russian criminals have been compiling the database since 2011 through the use of viral botnets. So far, the stolen credentials have primarily been used to send spam on various social networks on behalf of paid clients. It is not believed that the stolen records have been sold to third parties — at least, not yet.
Hold Security has a history of breaking news of major hacks such as these. Last last year, the company brought a massive Adobe data leak of 152 million passwords to light.
While you may not know which accounts of yours may have been compromised — and which will still be compromised, even if you change your credentials — you should still take a moment to update each online banking account (and similar crucial accounts) with a new unique, strong password. Take a look at our tips for creating a strong password for more details.
You can read more details about this breaking story at The New York Times.
[Computer hacker via Shutterstock]