A security firm has allegedly discovered that a Russian cyber gang called CyberVor has gathered what could be the largest ever cache of stolen passwords and Internet credentials (the story hit the New York Times). Hold Security in Milwaukee, Wisconsin, says the Russia gang gathered 500,000 unique email addresses from more than 420,000 websites—from big name ones you’d recognize, to small local sites.
The good news is, apparently the information they have isn’t being used to hack into bank accounts—instead, it’s being sold to email spammers (because, just what you want is more spam about miraculous diet products and little blue pills).
Before you freak out too much, there is some question as to whether Hold’s discovery is legit.
Why? Because immediately after announcing the data hack they began promoting their $120/year website breach notification service for companies. (Hmmmm…create a panic with outrageous numbers and then offer a solution you have to pay for? No reason to doubt that! 😉 ).
However, whether the exact numbers are true, there are a few things you should know and can do to make sure your Internet credentials stay safe any day of the week:
1. Make sure you don’t have bad passwords. This is a no-brainer, even if there wasn’t a giant data breach. Stronger passwords = safer information. And, if you’re having trouble remembering your good passwords, try a consistent strategy like this. Whatever you do, do NOT keep a master password document on your computer. Sure, it’s tempting, but that’s why you shouldn’t–it’s tempting for hackers too!)
2. Treat your virtual life like your real life. In other words, since you wouldn’t hand your social security number to a stranger, don’t do it online either. Note: this tip includes email! Emails are frequently archived for a loooonnnnggg time, keeping that information “alive” and breachable.
3. Check to see if the website you are on has an encrypted connection. If it says “http” in the address bar, it’s not encrypted. If it says “https” then it’s secure (or at least more secure).
4. Keep your computer’s anti-virus software up to date. If you’re having trouble keeping up, then consider a service that does the updating for you (TDS, for example, offers their Internet Security service).
5. Run the updates your computer keeps nagging you about. Those updates frequently contain security patches. Sure, it can be a pain to stop what you’re doing to restart, but there’s a good reason why you should—to keep your credentials safe!