Russian hacking sting

The New York Times reported on the data breach Tuesday saying the group of hackers had their operation based in southern central Russia.

The group included around a dozen men in their 20s. Their computer servers were believed to be in Russia, experts belonging to the US-based cyber security firm, Hold Security, were quoted by the newspaper as saying.

The Milwaukee-based firm said that around 1.2 billion Internet logins and password combinations, as well as more than 500 million email addresses were hacked from around 420,000 websites, ranging from small companies to household names.

Hold Security, which previously reported about hacks on Adobe and Target, said the cyber gang acquired databases of stolen credentials from fellow hackers on the black market, and then installed malware that allowed them to access a number of websites and social media accounts.

It took more than seven months of research to discover the extent of the latest hack, the company said.

Still vulnerable to attack

The firm declined to name the breached sites, citing nondisclosure agreements. It said the hackers could still attack the websites.

"As long as your data is somewhere on the World Wide Web, you may be affected by this breach," Hold said in a statement on its website.

"Your data has not necessarily been stolen from you directly. It could have been stolen from the service or goods providers to whom you entrust your personal information, from your employers, even from your friends and family."

shs/rc (AFP, Reuters)