An American cybersecurity firm claims more than 1.2 billion internet logins and passwords have been stolen by a Russian criminal network.
Hold Security of Milwaukee, Wisconsin says the data was taken from around 420,000 websites. More than a half billion email addresses have also allegedly been amassed by the gang.
According to the New York Times, which reports the story, Hold Security has refused to identify which sites were breached, citing nondisclosure agreements and concerns that they remain vulnerable to attack.
Some experts say the security compromise could have wide-ranging implications as many people use the same passwords to access multiple sites.