A security researcher has discovered a criminal database containing access details for 200,000 servers worldwide belonging to organisations including the BBC in the UK.
The database was being used by at least two e-crime groups in Europe and one in the US to infiltrate company and organisation servers in 86 countries.
Malware is transferred to the vistors' computers and when they access IT systems within their organisation, the access details are captured and sent to the criminal database.
Ian Amit, director of security research at Israeli-based Aladdin Knowledge Systems told Computer Weekly that around 107,000 of the 200,000 records had been validated.
UK organisations accounted for 900 of the validated credentials found on the database, including the BBC, which was among those notified of the threat last week.
Amit said of those 900 validated UK records, 600 had been used to infiltrate legitimate websites hosted in the UK as well as about 82,000 other websites around the world.
All affected websites and important organisations listed on the criminal database have been notified by a task group set up by the internet security organisation, CERT.
However, Amit said it would still take some time to notify all the owners of all 200,000 records found on the database.