Russian hackers have stolen more than a billion passwords from Fortune 500 companies and small business.
Record of the crimes was discovered by Hold security, a firm in Milwaukee, which revealed usernames and passwords from 420,000 websites had been compromised, according to The New York Times.
So far, the hackers have used information to spam social media and get users to send money to other groups. Selling large numbers of information on the black market can be lucrative too.
Hold Security reportedly has a history of uncovering significant hacks, including the theft last year of tens of millions of records from Adobe Systems.
The company did not release the names of the victims, citing nondisclosure agreements and a reluctance to name companies whose sites remained vulnerable. The records, though, were passed to the The New York Times, which had them independently examined and authenticated.
"Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites," Alex Holden, the founder and chief information security officer of Hold Security, told The New York Times. "And most of these sites are still vulnerable."
Holden decided to make the hack public this week so the news would coincide with an industry conference.
Prior to news of the hack discovered by Hold Security, attitudes toward cyber security were solemn and industry experts feel they are fighting a losing battle.
In December, 40 million credit card numbers and 70 million addresses, phone numbers and additional pieces of personal information were stolen from the retail giant Target by hackers in Eastern Europe.
Data from Court Ventures, a company now owned by the data brokerage firm Experian, was compromised in October and infiltrators obtained as many as 200 million personal records, including Social Security numbers, credit card data and bank account information.
"Companies that rely on user names and passwords have to develop a sense of urgency about changing this," said Avivah Litan, a security analyst at the research firm Gartner. "Until they do, criminals will just keep stockpiling people's credentials."
You can read details about the band of hackers, where they are thought to be located and what the Russian government is doing to stop them here.