More than 1.6 billion internet username and password combinations have been stolen by a Russian crime gang in a massive security breach.

US security firm Hold Security revealed confidential material had been gathered from more than 500 million email addresses and 420,000 websites.

The hackers targeted both big and small websites across the globe, The New York Times reported.

Hold Security has not named the companies which have been targeted as their sites remained “vulnerable”.

However another security expert who analysed the stolen credentials told The Times the breach was authentic.

It is understood some larger companies are aware their records were among the stolen information.

Founder and chief information security officer of Hold Security Alex Holden said the breach was massive and wasn’t confined just to the US.

“Hackers did not just target US companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” he said.

“And most of these sites are still vulnerable.”

The breach has sparked warnings for users to step up their password security details to avoid having their information stolen.

IT security and risk management solutions Sense of Security chief operating officer Murray Goldschmidt said this incident was evidence that users needed to be more vigilant when it came to protecting their personal information.

Mr. Goldschmidt said while it wasn’t known exactly what companies were yet affected, it was a wise idea to change and update passwords regularly, irrespective of this hack.

He added people using shared passwords and credentials across various networks and sites were most at risk of having their information compromised.

“If even one of these passwords are compromised, it’s like a domino effect,“ he told news.com.au.

He said users were at risk of being affected by the hack due to our high use of overseas websites.

“[Users] are frequently engaged in using international websites … so by virtue of being on the internet, there is a risk of credentials being accessed,” he said.

Mr. Goldschmidt advised users to change passwords which are shared and to use strong passwords which had a combination of numbers and letters.

He also said changing them regularly also lessened the risk of vital information being compromised.

It wouldn’t be the first time web users have been affected by a massive security breach.

In May, online giant eBay warned customers to change their passwords after cyber attackers broke into its databases.

Its database was compromised which “included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth”.

However, financial information or other confidential personal information was not affected.

And in 2012 social network LinkedIn suffered a massive security breach which resulted in the loss of up to millions of encrypted passwords, which could allow hackers to break into subscribers accounts.

The hacked passwords were first posted to a Russian hackers forum, Norway-based tech blog.