WASHINGTON - A Russian hacker group has stolen an estimated 1.2 billion Internet credentials from major US companies and others around the world, the New York Times reported Tuesday.
Citing researchers from Hold Security, the report said confidential user names and passwords were stolen from some 420,000 websites, ranging from household names to small Internet sites.
Hold did not immediately respond to a request for comment.
According to the report, the hackers gained access to 500 million email accounts.
"Hackers did not just target US companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites," said Hold security founder Alex Holden told the daily.
"And most of these sites are still vulnerable."
In what is likely the largest data breach known, the group of hackers based their operation in south central Russia, a flanked by Kazakhstan and Mongolia, the report said.
The Times said the group includes fewer than a dozen men in their 20s and that their computer servers are believed to be in Russia.
"There is a division of labour within the gang," Holden is quoted as saying. "Some are writing the programming, some are stealing the data."