If you’ve been debating about changing your e-mail or social networking account password, now would be a great time to make the switch. According to the Wisconsin-based firm called Hold Security, a Russian cyber-crime ring has recently acquired about 1.2 billion usernames and passwords from over 420,000 websites all around the globe. The identities of the affected websites remain unknown so far, but chances are that the list includes some popular and big-name companies.
Believed to be one of the biggest data breaches of our time, this feat was accomplished by a gang of unnamed Russian hackers that Hold Security has dubbed “CyberVor” (‘vor’ means ‘thief’ in Russian). According to Hold Security and the information they shared with The New York Times, the gang includes fewer than a dozen personally connected Russian men from a small city in south central Russia, and started off in 2011 as “amateur spammers.”
“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” said Alex Holden, the founder and chief information security officer of Hold Security. “And most of these sites are still vulnerable.” [Times]
Besides stealing more than a billion user credentials from web and FTP sites, the hackers have reportedly gained access to nearly 500 million email addresses that they could use for a myriad of online criminal activities. It has been assumed that the group came into possession of stolen databases from fellow hackers on the “online black market,” but also used botnets to steal data from sites with SQL vulnerabilities.
Here are a few steps you can take to protect yourself from hackers:
1. Create long and strong passwords. Make sure they have a healthy combination of numbers, arbitrary characters, and capitalized letters, and that they are personally relevant so you can remember them better. Stay away from the obvious. “1234” or “password” are neither funny nor safe, and if you’re making a Pottermore account, anyone can abuse it with a passphrase like “alohomora.” Adding a couple of random digits is easy and painless; retrieving leaked information is not. Yes, some people might laugh if you take a few extra seconds to type in your Facebook password, but when their e-mail gets hacked, you’ll be the one who’s laughing.
2. Don’t share your passwords. First, don’t share your passwords through e-mails or IMs. Second, don’t use the same old password for your gazillions of online accounts. All of your profiles might not get hacked, true, but if all of them have the same password, they’re as good as gone.
3. Change your passwords. You might be afraid of taking big steps in your life, but we’re not asking you to move in with your SO just yet. But do change your passwords at regular intervals, especially if you think they’re not strong enough. 72 days is recommended, but figure out a system that works for you. Of course, if there’s news of a serious information security breach like this one, making the change is a no-brainer.
4. Opt for additional security. If your e-mail or social media accounts offer two-step authentication, go for it! Just double-check that you know what to do if you move continents and can’t use your cell phone number on file. Otherwise, you’ll be stuck like me, with a Google account that I’m locked out of unless I spend a couple thousand bucks on plane tickets to go back home and receive the authorization text.
5. Be safe on the internet. Use recommended settings and internet security systems. Don’t click on untrusted links, and don’t visit unsecured, sketchy-seeming websites. Be careful of the things you download on your computers, laptops, tablets, and even cell phones. Do NOT open e-mails from unknown senders, however much you wish you had won a lottery.