Hold Security of Milwaukee, Wisconsin, disclosed earlier this month that it had discovered the credentials, collected over several years from approximately 420,000 websites and other servers.
"The FBI is investigating the recently reported incident involving the potential compromise of numerous user names and passwords, and will provide additional information as the nature and scope of the incident becomes clearer," agency spokesman Josh Campbell said on Tuesday via email.
Hold Security said on Aug. 5 that it obtained the credentials from a criminal gang that it has dubbed CyberVor, which focuses on stealing login credentials.
The thievery was described in a New York Times story based on the findings of Hold Security, a firm that has a history of uncovering online security breaches.
The identities of the websites that were broken into weren't identified by the Times, which cited nondisclosure agreements that required Hold Security to keep some information confidential.
Alex Holden, the founder and chief information security officer of Hold Security, told the Times that most of the sites hit by the Russian hackers are still vulnerable to further break-ins. Besides filching 1.2 billion online passwords, the hackers also have amassed 500 million email addresses that could help them engineer other crimes, according to Hold Security.
So, far little of the information stolen in the wave of attacks appears to have been sold to other online crooks, according to the Times. Instead, the information is being used to send marketing pitches, schemes and other junk messages on social networks on Twitter, the newspaper said at the time.
Written with agency inputs