WASHINGTON D.C., August 6 (RAPSI) – Hold Security, an information security and investigation company that works with businesses to evaluate and improve their IT security, says that a group of Russian hackers has amassed over 500 million e-mail addresses, The New York Times said on Wednesday.

“The hacking ring is based in a small city in south central Russia not far from Kazakhstan and Mongolia. The group includes fewer than a dozen men in their 20s who know each other personally, not just via the net. Their computer servers are thought to be in Russia.” Hold Security did not disclose the names of the suspects or their place of residence. After Hold Security completes its investigation, they plan to alert law enforcement agencies.

According to the company, the suspects have collected 4.5 billion user name/password combinations, though many overlap. After sorting through the data, Hold Security found that 1.2 billion records were unique. This is basically 510 million hacked e-mail addresses.

“So far, the criminals have not sold many of the records online. Instead, they appear to be using the stolen information to send spam on social networks like Twitter at the behest of other groups, collecting fees for their work.

“But selling the records on the black market would be more lucrative.

“While a credit card can be easily canceled, personal credentials like an email address, Social Security number or password can be used for identity theft. Because people tend to use the same passwords for different sites, criminals test stolen credentials on websites where valuable information can be gleaned, like those of banks and brokerage firms.”