1.2 billion internet credentials of major U.S. companies and other groups and individuals have been stolen by Russian hackers in what could be the largest date breach ever, The New York Times reports.

These credentials include user name and password combinations as well as more than 500 million email addresses, with confidential details coming from over 420,000 websites.

Discovered by Milwaukee-based firm Hold Security, which is known for uncovering major hacking cases, the obtained information came from a wide range of internet users, including small sites and household names.

The company would not divulge the names of the victims, referring to nondisclosure agreements and how they wanted to protect the security of the already vulnerable companies. A security expert who is not connected with the company confirmed the authenticity of Hold Security's claim by analyzing the same database of stolen credentials.

Founder and chief information security officer of Hold Security Alex Holden said that U.S. companies were not the sole target of the hackers but they also went for any website they could possibly get, including very small websites and Fortune 500 companies.

This discovery was a product of an 18-month long investigation to uncover the activities of the online gang. The cyber gang based in Russia is composed of a dozen men who are in their 20s and began as amateur spammers in 2011 when they used to buy information from the online black market.

It is possible that the group has teamed up with a larger entity to pull off a heist of this magnitude. The group is believed to have used botnets in extracting personal information on a massive scale, allowing them to infect thousands of computers.

While the criminals appear to not have sold the information online, they have been using the details to send spam on social networks.