LONGMONT, Colo. (CBS4) – Security researchers say a Russian crime ring has pulled off the largest known theft of private Internet information — an astonishing 1.2 billion username and password combinations.
Milwaukee-based Hold Security says the usernames and passwords came from more than 420,000 websites, both big and small. So, now really is the time to change passwords – again – as the theft potentially affects about one in seven people on the planet.
Hold Security had been monitoring the small gang’s operation for more than seven months, but the gang is based in Russia, so not much can be done except password protection.
“When you throw in ‘billion,’ that’s when you start getting scared,” said Andrew Matranga, a Longmont-based technology consultant and University of Denver professor.
That’s 1.2 billion passwords and 500 million email addresses now in the hands of Russian hackers.
“I think we should be seriously concerned,” Matranga said.
He says data thefts are not uncommon in cyberspace, but not normally of this size.
“That puts us all possibly right in the target of that,” he said.
Hold Security hasn’t provided details of how the passwords were stolen, other than to say it involved a new online attack technique that quickly travels from computer to computer.
“It sounds like there’s a lot of third-party aspects to it too,” Matranga said.
There is somewhat good news. Hold Security says the Russian hackers have only been using the personal data to spam social media, meaning people who start seeing more spam might be affected.
“We are going to see more of this,” Matranga said.
Matranga recommends that people change their passwords to something complicated and unrelated to them, and says there are apps to help. Some of the easiest things to remember are often the easiest passwords to hack.
“Pick strong words that aren’t your birthday or your kid’s birthday or your address or zip code.”
Those who are worried that they might have had their information stolen can register for free with Hold Security.
There’s one website that lets people check a password’s security — howsecureismypassword.net — which estimates how long it would take a computer to crack your password.