Hackers have amassed a vast collection of stolen data, including 1.2 billion unique username/password pairs, by compromising over 420,000 websites using SQL injection techniques. This data haul may yet turn out to be a ‘Heartbleed’ moment for website owners who assume their sites are too small to be of interest to hackers.