The Federal Bureau of Investigation (FBI) is currently on a manhunt to apprehend a single hacker who has managed to steal about 1.2 billion online login credentials.
According to investigations, the suspect, known as "mr.grey" is linked to a Russian cyber crime organization known as CyberVor.
The theft was first discovered earlier this year by Hold Security, a U.S. based firm that monitors cyber security. As noted by the company, aside from the login credentials, the hackers also managed to steal 500 million addresses in 2014, CBS DC reported.
It was also reported that the hacker tried to sell the stolen details through Facebook and Twitter.
Through the investigations, the logins stolen by "mr.grey" were linked to a Russian email address. This led authorities to believe that the hacker might be connected to CyberVor, which was responsible for illegally accessing over 420,000 websites.
"To the best of our knowledge, they mostly focused on stealing credentials, eventually ending up with the largest cache of stolen personal information totaling over 1.2 billion unique sets of emails and passwords," Hold Security said according to the BBC.
Darktrace, another security firm looking into the matter, noted that the hacker most likely carried out the attack using botnets. According to Dave Palmer, the director of the security firm, botnets are composed of vast networks of connected computers that are programmed to conduct maliciously activity online.
Although this method is commonly used to attack a specific target, Palmer said the botnets were probably used in this case to scan websites based in different parts of the globle.
According to court documents submitted by the FBI, the agency also discovered a list containing various tools and domain names that were probably used to send spam messages to potential victims. Once opened, these messages could have allowed the hacker to gain access to the victims' personal online information, Reuters has learned.
"What's interesting about this is botnets are usually used to harness their massive scale attack on an individual target - like taking computer games consoles down last Christmas for example," he told BBC. "It's instead been used as a massive scanner scanning websites all around the world for weaknesses."
Despite the massive scale of the attack, Palmer noted that this can still be prevented from happening in the future. Websites can protect the personal information and other important details of their users by turning to simple security tools.