"You could wake up one morning and find all your money in your retirement account or in your trading account is gone," Securities and Exchange Commission Internet enforcement chief John Reed Stark told ABC News.
Authorities are investigating similar schemes in India, Hong Kong and Malaysia, SEC and FBI officials said.
The hackers sometimes cash out stocks in retirement plans and wire the money to their own account or sell off the holdings to "pump and dump" shares in worthless stock they control, the officials told ABC.
In many cases, U.S. account holders have their user IDs and passwords stolen when they use computers at hotel business centers and other Internet connection points, the ABC News report said.
Hacked accounts include customers of E*trade Financial Corp., Scottrade Inc., TD Ameritrade Holding Corp., Fidelity Investments, Merrill Lynch & Co., Charles Schwab Corp. and Vanguard Group.