- A Russian crime ring based in a small city in south central Russia has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses.
- The records include confidential material gathered from 420,000 websites, ranging from big companies (Fortune 500 companies) to small Internet sites, and most of these sites are still vulnerable.
- Some big companies were aware that their records were among the stolen information but have not commented. This is not good, but expect to see companies comment as they try to patch this again.
- So far, the criminals appear not to have sold many of the records online.
- They appear to be using the stolen information to send spam on social networks like Twitter at the behest of other groups, collecting fees for their work.
- Selling the records on the black market would be lucrative.
THIS WILL BE ABOUT IDENTITY THEFT
- While a credit card can be easily canceled, personal credentials like an email address and/or password can be used for identity theft. Because people tend to use the same passwords for different sites, criminals test stolen credentials on websites where valuable information can be gleaned, like those of banks / financial institutions.
HOW DID THEY GET THIS INFORMATION?
- The Russian hackers have been able to capture credentials on a mass scale using botnets, networks of zombie computers that have been infected with a computer virus. If you have viruses and/or malware on your computer, you could be contributing to this.
- When an infected user visits a website, criminals command the virus to test that website to see if it is vulnerable to a well-known hacking technique.
- If the website proves vulnerable, criminals flag the site and return later to extract the full contents of the database.
WHAT CAN WE DO
How do I know if my personal information was stolen?
- Assume it is. This is big, and similar attacks and smaller thefts are happening all the time.
- The security firm (Hold Security) is creating an online tool to allow consumers to see whether their records have been stolen, but they are not certain when it will be ready.
- At this point, it is wisest to improve your online security immediately.
SHOULD I CHANGE MY PASSWORD?
- Yes, change passwords for sites that contain sensitive information like financial, health or credit card data. Don’t use the same password across multiple sites.
HOW DO I CREATE STRONGER PASSWORDS?
- Try a password manager like LastPass or Password Safe.
- These tools create a unique password for each website you visit and store them in a database protected by a master password that you create.
- If you must create your own passwords, make sure they are not based on dictionary words.
ARE PASSWORDS ENOUGH?
- Passwords are not enough. See if your site offers two-factor authentication.
- Then, when you enter your password, you’ll receive a message (a text) with a one-time code that you must enter before you can log in.
- Many bank sites and sites like Google, Apple, and Microsoft offer two-factor authentication.
HOW CAN I STOP MY INFORMATION FROM BEING STOLEN IN THE FIRST PLACE?
Increasingly, you cannot.
- The companies storing your personal data are responsible for securing it. Consumers can slow down hackers and identity thieves, but corporate computer security and law enforcement are the biggest deterrents.
- Monitoring your financial records can help minimize the damage if someone gets your information.