A Russian gang of hackers is said to have stolen more than 1 billion username and password combinations, and over 500 million email addresses.
The New York Times reported Tuesday that Milwuakee-based security firm Hold Security discovered the heist that included private information collected from 420,000 websites.
According to the Times, the hackers don’t appear to have sold any of the information. Instead, once they gain access to an account, they apparently send spam from the account — like Twitter — and collect fees for their work.
Business Insider suggests setting up two-step authentication to any account — like Gmail — that allows it. Diversifying your passwords is also a key step to preventing your information from getting hacked.
Hold Security has not yet released the names of the hacking victims.