According to the reports, the bank discovered that the intruders had used some of the same offshore servers to hack both the bank and the website of the JPMorgan Corporate Challenge. The New York Times said the breach was part of a repository of a billion stolen passwords and usernames from some 420,000 websites that a Milwaukee-based security consulting firm, Hold Security, had traced to a gang of Russian hackers.