On the heels of the admittance of just how much the severe cyber attack on Target cost the retailer comes the revelation of what might be the largest swath of stolen Internet credentials ever.
A crime ring based in Russia is said to have stolen more than 1.2 billion Internet credentials (usernames and passwords) with more than 500 million email addresses, according to the New York Times on Tuesday.
The news organization accredited the find to Milwaukee-based Hold Security, a technology and business intelligence firm that both provides enterprise security infrastructure and conducts incident investigations for clients worldwide.
Names of targeted websites and victims has not been published, but it was noted that the culprits have hacked into websites great and small.
Even more curious is that most of the IDs that have been exploited thus far have been used for indirect financial returns, namely for sending spam on social networks rather than vast illegal spending and selling the credentials on the black market.
Earlier on Tuesday, Target -- which arguably became the poster child for extraordinary data breaches -- admitted that it saw net expenses of $110 million from the attack on its payments infrastructure last winter.
Costs from the breach consist of losses for the majority of actual and potential breach-related claims, including those from payment card networks.
In Target's case, hackers thought to have been based in Eastern Europe got their hands on the names, mailing addresses, phone numbers and email addresses for up to 70 million people.
In response to Target's estimation of the financial costs of the incident (although customer trust might be priceless), analysts surmised it could have been much worse.
In reflection of how many more people have been revealed to be vulnerable thanks to this latest sting, that sentiment rings even more true.