Gang reported to have hacked 1.2 billion usernames & passwords

August 6th 2014

It is believed that 1.2 billion usernames and passwords belonging to more than 500 million email addresses of users across the world have been hacked by a Russian gang in what an internet security specialist describes as the largest data breach known to date.

For information and advice on safe use of passwords, click here
For information and advice for businesses on how to keep your website safe from hacking, click here

The data allegedly came from 420,000 websites including "many leaders in virutally all industries across the world", according to US-based Hold Security. The company has not revealed which companies were hacked. It was not just large companies who were affected, but every site – large or small – that their victims visited.

The breach was first reported by the New York Times, who had another, independent security expert analyse the database of stolen credentials to confirm its authenticity. Another US newspaper, the Wall Street Journal, understands that Hold Security will offer website owners the ability to check whether they have been affected, on payment of a fee.

The Russian hackers are said to have acquired the data in two ways. Initially, they purchased databases of stolen credentials from other hackers, the information then being used to attack email providers, social media and other websites to distribute spam and intall malware on victims' systems. They also used botnets to identify more than 400,000 vulnerable websites.

If you think you have been a victim of actual or attempted fraud, report it to Action Fraud on 0300 123 2040 or on their online reporting tool at


Written by

In partnership with