And you thought the Target hack was big. Cybersecurity firm Hold Security LLC has discovered a huge trove of 360 million stolen account credentials on a cyber black market site for stolen account and credit card information.



Hold Security, which also discovered the Adobe breach last year, told Reuters that it has been collecting data for the past three weeks and that “the sheer volume is overwhelming.” If some of the username and password combinations can unlock bank accounts, medical records, or corporate networks and enterprise systems, the data breach could potentially cause bigger problems for consumers than stolen credit card numbers would.

Within the 360 million account credentials, 105 million seem to come from a single cyber attack, and if they did, that data represents the largest single data collection breach ever. Ever. Alex Holden, the chief information security officer at Hold Security, told Reuters that he thinks the data is from companies that have not yet announced that they were hacked or do not yet realize it. He said that once Hold Security processes the data, it will alert companies that seem to have been compromised. Most of the data takes the form of unencrypted email addresses and passwords from email providers like AOL, Google, Microsoft, Yahoo, everyone.

For some context, the Target hack from last fall compromised 40 million credit card numbers and 70 million accounts in all. The Neiman Marcus hack, revealed in January, was even bigger, with 1.1 million customers affected over a three-month period (so not a one-time attack). With that in mind, if data about 360 million personal accounts is just chilling on a black market site somewhere, that’s a pretty big deal.