360 million sets of stolen personal data newly for sale on dark web

Cyber security firm Hold Security warn many won't yet know they've been a victim of a data breach

A web security firm has uncovered details about over 360 million newly stolen sets of personal data available on the black market, many of which could have been attained via cyber attacks against firms that have yet to realise they've been breached.

Around 1.25 billion email addresses are also available for sale to potential fraudsters and cyber scammers.

US-based firm Hold Security has revealed it discovered the "mind boggling" numbers of credentials - many of which feature email addresses and passwords - up for sale by cyber criminals in less than a month.

"In the first three weeks of February, we identified nearly 360 million stolen and abused credentials and 1.25 billion records containing only email addresses," said a statement by Hold Security.

"These mind boggling numbers are not meant to scare you and they are a product of multiple breaches which we are independently investigating. This is a call to action, and if you are concerned about integrity of your company's user credentials we encourage you to use our Credentials Integrity Services," it added.

The discovery poses a bigger risk to businesses and consumers than a more "standard" theft of credit card information, because the data on offer could be used to manipulate anything from online bank accounts to health records to corporate networks.

"The sheer volume is overwhelming," said Alex Holden chief information security officer of Hold Security, who indicated the details were stolen in a number of separate attacks, one of which resulted in the theft of 105 million records - the biggest single breach of data ever recorded.

It would top the 70 million customers of US retailer Target whose personal details were stolen in a series of cyber attacks in December last year.

Holden added that many of the data breaches are either yet to be reported or yet to be discovered by the organisations that suffered them.

"We have staff working around the clock to identify the victims," he told Reuters.