A Russian hacking ring has secured a massive trove of stolen personal data, including login information for more than 500 million email addresses, security researchers told the New York Times.
According to the report, the records proving the breaches were discovered by Milwaukee-based Hold Security. The company would not name the victims, but the newspaper got a security expert to confirm the authenticity of the stolen information.
"They targeted any website they could get, ranging from Fortune 500 companies to very small websites," Alex Holden, the founder of Hold Security, told the New York Times. "And most of these sites are still vulnerable."
According to the report, the alleged hackers are making money off the stolen data mainly by being commissioned by other groups to use the data to send spam messages.
The theft of so many logins and passwords, however, is particularly dangerous because people often use the passwords they use for their email logins on a number of other sites.
According to Hold Security's assessment, the hacking ring is composed of several young men who work as a team.
"There is a division of labor within the gang," Holden was quoted saying. "Some are writing the programming, some are stealing the data. It's like you would imagine a small company; everyone is trying to make a living."
Hold Security says it has begun notifying companies that have been affected.
The company did not immediately respond to requests for an interview.
The discovery is the latest in a string of major online security breaches. Most notably, late last year millions of credit card numbers and other personal data were stolen from retail giant Target by Eastern European hackers.