This is not a drill: More than 1.2 billion username and password combinations have been stolen. And that means it's officially time to change your online passwords.
In what is being called the largest collection of stolen Internet data ever, a Russian cybergang has reportedly breached more than 420,000 websites and collected login information. About 500 million of the stolen usernames were email addresses.
This latest break-in, discovered by a firm called Hold Security, is raising doubts about what companies can actually do to protect your online information -- meaning, it's mostly up to you.
Here's what you can do right now to keep your online accounts safe:
1. Stop what you're doing and change your passwords
Just do it. From social media sites to online shopping accounts, all kinds of websites were breached -- and so were your passwords.
"Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites," Hold Security founder and Chief Information Security Officer Alex Holden told the New York Times on Tuesday. "And most of these sites are still vulnerable."
Since we haven't learned yet which companies were affected, the safest step is to hit the keyboard and change all your passwords.
2. And be more creative this time
Avoid using your old standbys and mix it up -- "1234" and "password" don't make the cut anymore. Take a look at all of your passwords and delete any duplicate versions or especially weak ones. Avoid using your birth date, your name, city of birth and other basic personal details, especially those that can be found on social media.
3. Get a password managing tool
How could you possibly remember those long strings of letters, numbers and symbols that have nothing to do with your dog's name? Try getting a password manager like LastPass or 1Password to keep track of the more complicated information. They not only store passwords, but also create complex ones for you. Many are free and work on desktop computers and mobile devices.
4. Split social media and banking
There's a difference between someone breaking into your Twitter account and someone getting your credit card number. Don't use the same (or a similar) password for all of these websites. Be sure to make those passwords more complex for more important accounts.
5. Clear your email
There's probably a slew of passwords hiding in forgotten messages and email folders. Go ahead and delete those. Do a simple search for "password" and trash all the results. You can also try searching for "login" and "username." By doing this, you'll make it harder for crooks to find your accounts.
6. Take extra steps with critical accounts
Things like your bank, email, online investing and cell phone accounts are critical. For online banking, you can set up two-step verification for your account. That means that each time you log in, you enter an extra code, sent to your phone, after your password. If your bank doesn't offer this kind of feature, consider switching.
7. See if you were affected
Having a password-panic yet? Well, there is a way to see if you were affected by the breach. The company that uncovered the breach, Hold Security, is allowing people to pre-register online to see if their information was stolen. If you think your online passwords were stolen, the U.S. PIRG Education Fund explains what steps to take, such as notifying your bank and filing a police report.