A US cyber-security firm says Russian hackers have obtained usernames and passwords belonging to more than 500 million email addresses from more than 420,000 websites – calling it the “largest data breach known to date”.

Hold Security says the stolen information didn’t just come from poorly protected websites, but from “many leaders in virtually all industries across the world”.  The New York Times reported that on its request “a security expert not affiliated with Hold Security analyzed the database of stolen credentials and confirmed it was authentic"

“With hundreds of thousands of sites affected, the list includes many leaders in virtually all industries across the world, as well as a multitude of small or even personal websites,” Hold said in its report, which took more than seven months to compile to determine the extent of the Russian hacks.

The gang began its collection by acquiring databases of stolen information on the black-market. 

“These databases were used to attack e-mail providers, social media, and other websites to distribute spam to victims and install malicious redirections on legitimate systems,” Hold Security said in its report.

Are your accounts at risk?  Well, we can’t really tell. Hold Security will not reveal the names of the hacked emails because of confidentiality agreements with some, and out of fear of exposing under protected websites with the rest.