Internet data watchers Hold Security published a post this week revealing that they have found 360 million stolen and abused credentials and 1.25 billion records containing only email addresses. These figures, they added, are not meant to scare you. Too late. Hold Securitys chief information security officer Alex Holden told Reuters that he thinks the information was stolen in breaches that affected companies have not yet reported, adding we have staff working around the clock to identify victims. The breaches could actually be more harmful to victims than credit card theft because passwords could act as an entry point into several private accounts (especially because most people dont actually use different passwords for different accounts). Furthermore, security expert Heather Bearfield warned that money taken from bank accounts with stolen credentials are not necessarily refundable. The massive trove of credentials includes user names, which are typically email addresses, and passwords that in most cases are in unencrypted text… The email addresses are from major providers such as AOL Inc, Google Inc, Microsoft Corp and Yahoo Inc and almost all Fortune 500 companies and nonprofit organizations.