A black market thrives for your stolen password

Big companies breached regularly: Expert
Big companies breached regularly: Expert

The Russian gangs that reportedly stole more than 1.2 billion passwords from roughly 420,000 websites likely will sell that information "on the black market for multiple dollars per name, per account," a data security expert told CNBC on Wednesday.

"They sell it on the cyber black market and a lot of times it's actually sold to corporations, believe it or not ... that do things like email spamming and other types of advertising," said David DeWalt, CEO of FireEye, a company that offers data protection services. "But it's valuable information ... and when you have a billion of them, it's very, very valuable."

Read More Russian Gang Said to Amass More Than a Billion Stolen Internet Credentials

Soyhan Erim | Getty Images

As it turns out, though, corporationsnot private citizens"are the most vulnerable," DeWalt said. FireEye recently conducted research that showed roughly 97 percent of corporations surveyed experienced a data breach, he said on "Squawk on the Street."

"We're seeing a lot of large retailers, large banks getting breached on a regular basis," he said. "The vulnerabilities that are in a lot of the core infrastructure of the big companies are vulnerable to hackers like the Russians."

Read MoreAmerican Greed: Portrait of a Crime Ring

To DeWalt, the latest attack was "not surprising," saying it's "just the landscape we're in."

Though he didn't go into much detail, DeWalt said stopping foreign hackers is "very difficult" for U.S. law enforcement agencies given the complexity of the servers being located in Russia.

"Until we come up with better governance models, better cooperation, we're going to see these crime groups and nation-states continue to operate successfully," he said.

—By CNBC's Drew Sandholm