A Russian crime ring has amassed a gargantuan database of pilfered login credentials, including 1.2 billion unique username-password combinations and 542 million email addresses. This makes it the largest known collection of stolen credentials to date. Criminals are merely using the records to operate a spammer-for-hire service. The incident underlines the persistent troubles of lax website security, inadequate monitoring, and single-factor authentication. Vendors are in a transition period where the most effective products are not yet widely deployed.”]