Liz Crenshaw's Guide to Consumer Issues, Recalls and More

A Russian Cybergang Probably Has Your Internet Passwords: What To Do Right Now

View Comments ()
|
Email
|
Print

    NEWSLETTERS

    Shuttershock

    This is not a drill: More than 1.2 billion usernames and password combinations have been stolen. And that means it's officially time to change your online passwords.

    In what is being called the largest collection of stolen Internet data ever, a Russian cybergang has reportedly breached more than 420,000 websites and collected login information. About 500 million of the stolen usernames were email addresses.

    4 Ways to Protect Your Passwords

    [DC] 4 Ways to Protect Your Passwords
    Russian hackers have reportedly stolen more than 1.2 billion usernames and passwords, according to the New York Times. So what can you do to protect yourself? Eun Yang explains. (Published Wednesday, Aug 6, 2014)

    This latest break-in, discovered by a firm called Hold Security, is raising doubts about what companies can actually do to protect your online information -- meaning, it's mostly up to you.

    Here's what you can do right now to keep your online accounts safe:

    Password Safety: Protect Yourself From ID Theft

    [DC] Password Safety: Protect Yourself From ID Theft
    Consumer Reporter Erika Gonzalez offers advice for protecting yourself from identity theft after 1.2 billion usernames and password combinations were stolen. (Published Wednesday, Aug 6, 2014)

    1. Stop what you're doing and change your passwords

    Just do it. From social media sites to online shopping accounts, all kinds of websites were breached -- and so were your passwords.

    "Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites," Hold Security founder and Chief Information Security Officer Alex Holden told the New York Times on Tuesday. "And most of these sites are still vulnerable."

    Since we haven't learned yet which companies were affected, the safest step is to hit the keyboard and change all your passwords.

    2. And be more creative this time

    Avoid using your old standbys and mix it up -- "1234" and "password" don't make the cut anymore. Take a look at all of your passwords and delete any duplicate versions or especially weak ones. Avoid using your birth date, your name, city of birth and other basic personal details, especially those that can be found on social media.

    3. Get a password managing tool

    How could you possibly remember those long strings of letters, numbers and symbols that have nothing to do with your dog's name? Try getting a password manager like LastPass or  1Password  to keep track of the more complicated information. They not only store passwords, but also create complex ones for you. Many are free and work on desktop computers and mobile devices.

    4. Split social media and banking

    There's a difference in someone breaking into your Twitter account and getting your credit card number. Don't use the same (or a similar) password for all of these websites. Be sure to make those passwords more complex for more important accounts.

    5. Clear your email

    There's probably a slew of passwords hiding in forgotten messages and email folders. Go ahead and delete those. Do a simple search for "password" and trash all the results. You can also try searching for "login" and "username." By doing this, you'll make it harder for crooks to find your accounts.

    6. Take extra steps with critical accounts

    Things like your bank, email, online investing and cell phone are critical. For online banking, you can set up  two-step verification for your account. That means you enter an extra code after your password each time that is sent to your phone. If your bank doesn't offer this kind of feature, consider switching.

     7. See if you were affected

    Having a password-panic yet? Well, there is a way to see if you were affected by the breach. The company that uncovered the breach, Hold Security, is allowing people to pre-register online to see if their information was stolen.  If you think your online passwords were stolen, the U.S. PIRG Education Fund explains what steps to take, such as notifying your bank and filing a police report.