DAVID GREENE, HOST:
We're learning more this morning about a high-profile data breach - a big one. Russian hackers have allegedly gotten their hands on more than a billion online usernames and passwords. This was first reported by the New York Times. It's believed to be the largest stockpile of stolen credentials ever. Here's NPR's Elise Hu.
ELISE HU, BYLINE: Online security firms had already predicted this would be the year of the big breach. Orla Cox directs a anti-virus firm Symantec's security response teams.
ORLA COX: This year is already on track to be the year of the mega, mega data breach.
HU: How mega is this? The total number of worldwide Internet users is 3 billion and this hack captured more than 1 billion credentials. But as few as a dozen millennial generation hackers were behind it, according to Hold Security, the firm that discovered the breach. That's because most of the data stealing was done by computers with what's known as a zombie army or botnet.
COX: They did not require, you know, highly sophisticated techniques.
HU: Hackers infected the computers with malware - bots that snuck onto sites and link up as a network to amass his record-setting collection. Cox said all hackers had to do was wait.
COX: These are full-time cyber criminals who are, you know, have likely been carrying this out for a number of months maybe even years.
HU: Law enforcement organizations aren't saying whether they're investigating this breach but the Times reports that the companies affected know they're vulnerable. So security firms say change your passwords.
COX: All Internet users should assume that they've been impacted by this.
HU: This billion user breach underscores an ongoing problem as companies race to safeguard our data, hackers can often get to it first. Elise Hu, NPR News, Washington.