A U.S.-based cybersecurity firm says a Russian crime ring has stolen some 1.2 billion Internet logins and passwords and more than 500 million e-mail addresses.
"The New York Times" reported that Hold Security uncovered the theft.
The firm said the data was taken from more than 400,000 websites.
The cybersecurity firm said it cannot for legal reasons identify the sites that were hacked by the Russian crime.
It said the hacking ring is based in a small city in south-central Russia.
Hold Security said many of the hacked websites -- which included major international companies and small ones -- are still not secure and vulnerable to attack.
It added that the hackers are using the stolen information to send spam on social networks, such as Twitter, for other companies for money.