1.2 Billion Internet Passwords Compromised – Steps You Should Consider


August 7, 2014

In what is the largest known collection of stolen Internet credentials, The New York Times reported yesterday that a Russian crime ring has amassed 1.2 billion user name and password combinations and more than 500 million email addresses.  The information, obtained from 420,000 websites, includes Fortune 500 companies to very small businesses.

Because most people keep the same password for multiple services, such as banking, email and social media accounts, hackers are able to leverage a single password against numerous targets.

Due of the volume of data stolen, you should assume your personal information has been compromised.  Here are some common sense steps you should consider (Credit to Molly Wood, New York Times)

  • Change your password for sites containing sensitive information like financial, health, credit card data or email.
  • Create a unique password for each website you visit.
  • Make sure the passwords you create are complex (upper- and lower-case letters, numbers and symbols) and at least 10-characters long.  Make certain they are not based on dictionary words.  Create an anagram.  For example, the sentence I LOVE TO GO FOR A WALK AT NIGHT could become 1L2go4awatPM!
  • Create the strongest passwords for the sites containing the most sensitive information.
  • Do not use the same password across multiple sites.
  • If a site offers additional security features like secondary or two-factor authentication, enable them.  Then, when you enter your password, you’ll receive a message (usually a text) with a one-time code that you must enter before you can log in.  In some cases, the second authentication is required only if you’re logging in from a new computer.
  • Change your password often.
  • Regularly monitor your financial records and report any suspicious activity immediately to your financial institution.