Russian hackers steal 1.2 billion user credentials. Is this true?

News agencies reported yesterday and today that a group of Russian hackers has stolen a huge number (1.2 billion!) of usernames and passwords using a botnet. This is apparently could be the largest collection of stolen user credentials in the history (if this fact is actually truth).

According to the news, the theft was discovered by an american security company called Hold Security. They did not disclose exactly what web sites have been attacked, but it was mentioned that it is a number of websites from small to big ones.

I am scratching my head trying to understand two things: 1) How did they discover this theft? 2) How do they know that it was Russian group of hackers?

Officials haven't confirmed or disprove this information yet. What's interesting about this is that popular Russian IT web resources haven't published anything about this attack. Also, I took a look at the website of Hold Security and found it pretty basic. Their "Contact us" page doesn't contain any address or phone number, there is only a email standard contact form.

All this looks to me like a big fake. We'll see soon. :)