Earlier this summer, we created a list of 2014’s biggest data breaches, and it looks like we have one more to add: trusted security firm Hold Security has uncovered a Russian crime ring in possession of 1.2 billion user name and password combinations for more than 400,000 websites. Experts say this doesn’t seem like a targeted hack; rather, it’s a collection of data from businesses around the globe.
The hacking ring, believed to be a small group of men in their 20s, appears to be using these records to send spam on social networks and collect fees for their work. So far, there is no evidence that they plan to sell this data to other scammers.
Of course, the group didn’t collect this data overnight. Since this spring, the hackers have used “botnets,” or computers infected with a phishing virus, to do their bidding. By mid-summer, the hackers were able to collect 4.5 billion passwords. Though many overlapped, the group still collected over a billion logins from various sources.
Many of the companies impacted by this breach are aware that their data has been compromised, according to a security expert who spoke to the New York Times on condition of anonymity. Astonishingly enough, even with a breach of this magnitude as an example, many companies are still not taking the necessary steps to secure their customers’ data.
It’s frightening to think about, but the fact of the matter is that unless you protect your personal information, you will likely not know if or when it has been compromised.
Following these steps can help you stay safe:
- Change all of your passwords for sites related to financial, health, or other credit card data.
- Give each account a unique password. Password duplication between accounts makes it easier for hackers to gather more of your data.
- Create strong passwords that use symbols and numbers, not just letters. And don’t use something obvious like your name or a word that can be found in the dictionary. Even when obscured by symbols, these passwords are easy to crack. Many services, including LastPass and 1Password, to name a few, will do this work for you.
- Utilize additional security features offered by many sites. Google and Apple, for example, both offer two-factor authentication services. This particular service will send a notification to your mobile device if there is an attempt to log in to your account from a new computer.
Even then, password protection isn’t always enough. IdentityForce provides the next level of security with services such as UltraSecure and UltraSecure+Credit. We’ll closely monitor your online activity and alert you when suspicious actions occur—so you can stop the bad guys before more damage is done.
Image courtesy of Flickr user ditatompel.