Russia gang in largest data breach [311]

Hold Security described the hack as the "largest data breach known to date".

It claimed the stolen information came from more than 420,000 websitessites, including "many leaders in virtually all industries across the world".

Hold Security did not give details of the companies affected by the hack.

"They didn't just target large companies; instead, they targeted every site that their victims vivisited"d," Hold Security said in its report.

"With hundreds of thousands of sitess affected, the list includes many leaders in virtually all industries across the world, as well as a multitude of small or even personal websites"

These databases were used to attack e-mail providers, social media, and other websitessites to distribute spam to victims and install malicious redirections on legitimate systems”

The New York Times, which first reported the findings, said that on its request "a security expert not affiliated with Hold Security analysed the database of stolen credentials and confirmed it was authentic".

"Another computer crime expert who had reviewed the data, but was not allowed to discuss it publicly, said some big companies were aware that their records were among the stolen information," the paper said.

The paper added: "Hold Security would not name the victims, citing nondisclosure agreements and a reluctance to name companies whose sitess remained vulnerable."

The Wall Street Journal later revealed that Hold intended to offer websitesite owners the ability to check whether they had been affected, but only if they paid a fee.

The firm initially posted a message on its site saying it would charge $120 (£71) a month for the "breach notification service", however the details have since been replaced with a message saying "coming soon!".

Hold Security, which has previously reported about hacks on Adobe and Target, said it took more than seven months of research to discover the extent of the latest hack.

The firm claimed the gang initially acquired databases of stolen credentials from fellow hackers on the black market.

"These databases were used to attack e-mail providers, social media, and other websitessites to distribute spam to victims and install malicious redirections on legitimate systems," Hold Security said.

The hackers also got access to data from botnets - a network of computers infected with malware to trigger online fraud.

Hold Security said the botnets helped the hacking group - which it dubbed CyberVor - identify more than 400,000 websitessites that were vulnerable to cyber attacks.

"The CyberVors used these vulnerabilities to steal data from these sites's' databases," the firm said.

"To the best of our knowledge, they mostly focused on stealing credentials, eventually ending up with the largest cache of stolen personal information, totalling over 1.2 billion unique sets of e-mails and passwords."

The University of Surrey's Prof Alan Woodward suggests the following rules should be observed when picking a new password.

Don't choose one obviously associated with you

Hackers can find out a lot about you from social media so if they are targeting you specifically and you choose, say, your pet's name you're in trouble.

Choose words that don't appear in a dictionary

Hackers can precalculate the encrypted forms of whole dictionaries and easily reverse engineer your password.

Use a mixture of unusual characters

You can use a word or phrase that you can easily remember but where characters are substituted, eg, Myd0gha2B1g3ars!

Have different passwords for different sitess and systems

If hackers compromise one system you do not want them having the key to unlock all your other accounts.

Keep them safely

With multiple passwords it is tempting to write them down and carry them around with you. Better to use some form of secure password vault on your phone.