A Russian gang has compromised and stolen over a billion credentials from 420,000 web sites, according to a new report by The New York Times and security research firm Hold Security.
Hold Security reported on a similar hack back in February that may or may not be related to this one. The firm isn't mentioning the names of any of the sites hacked because many of them are still vulnerable.
Right now it seems like the bulk of those usernames, emails and passwords are being used to post spam on social networks, and haven't been sold to identity thieves or anyone else. Because of that, we're not suggesting you run out and change all of your passwords just yet.
With that in mind, it's a good time to double-check your password security and make sure everything's in order. Password tricks don't always work, but it's good to audit and check out your passwords occasionally since the only secure password is one you can't remember. Here's a quick primer for getting started with our favourite password manager, LastPass (any other password manager, such as one of these, will do the trick too):
- If you're brand new to LastPass, head over to our beginner's guide to LastPass to get up and running.
- If you're already using LastPass, our intermediate guide will help you go beyond the basics.
- Of particular interest right now, you can use LastPass to audit and update your passwords. Its audit tool can reveal your least secure passwords and tell you which passwords you're repeating on various sites.
Russian Gang Said to Amass More Than a Billion Stolen Internet Credentials [The New York Times]