Russian gang stole more than 1 billion names and passwords

Hang on to your hats, because I'm going to tell you about what could be the largest data breach in history.

Security company Hold Security - the same company that brought the huge Adobe data breach to light - is reporting that Russian hackers have stolen - get ready for it - 1.2 billion names and passwords and 500 million email addresses from more than 420,000 websites.

As you can imagine, this breach didn't happen overnight. The Russian hackers have been building infrastructure and stealing information for years. They use a number of methods to go after any site they can find, from major companies to tiny blogs.

The most common method was SQL injection, which tricks a website's database into giving hackers information they shouldn't have. All hackers have to do is send the site the right bit of code.

SQL injection flaws are common and most sites - like mine - work hard to make sure that they don't have them. Still, sites that run older database software or sites that don't set their security properly are easy to crack.

When you think of how many sites out there store user information, it's not hard to see how hackers can steal a lot of information - 420,000 websites' worth of information, apparently.

Unfortunately, this is a developing story, so right now Hold Security won't say what sites are affected. Until the sites fix the problems, identifying them will just leave them open to other hackers.

So, what can you do to protect yourself?

1. Change your passwords

I know we just went through this with the Heartbleed bug, but you really should change your passwords again. You don't know which ones hackers might have.

This is especially important if you've been re-using passwords on multiple sites. You don't want hackers breaking into your bank account just because they hacked a small site you visited one time.

When you change passwords, make sure you know how to create new ones that are strong and unique. You can also use a password manager like KeePass. This helps you create incredibly strong passwords that you don't have to remember, and it encrypts them so hackers can't get them.

2. Turn on other security

A lot of sites have more security than a basic password. Google, Microsoft, Facebook and other sites offer two-factor authentication.

This means that to sign in to your account from an unfamiliar computer you have to know the password and have access to your phone or another email address. Even if a hacker steals your information, they won't be able to use it to take over your account.

3. Sign up for alerts

Hold Security is putting together a free system that lets you find out if your information was in the data breach. While it isn't working right this second, you can sign up and you'll get an alert if it eventually finds anything. You'll need to separately sign up with every email address you want to monitor.

There are other sites that do the same thing. You can also check their databases to see if hackers have your information.

You can also sign up for my special alert and daily news newsletters to make sure you're informed on the latest developments.

4. Keep an eye on your accounts

Of course, no matter what you do you'll need to keep an eye on your accounts. That means watching your credit card and bank statements for unusual activities. Of course, you should be doing that anyway.

Keep an eye on social media for status updates you didn't make, and look at your email's Sent folder for emails you didn't send. Those are good clues someone else is in your account. If that happens, change your password again, or consider starting a new account.


