Russian Hackers Steal 1.2 B Usernames and Passwords

Yesterday, news broke about a brand new Internet security threat. A post from cybersecurity firm Hold Security claims that a Russian “cybergang” of hackers has managed to illicitly gain access to over 1.2 billion usernames and password combinations, with over 500 million email addresses. That, as you have probably guessed by now, is pretty bad.

According to Hold Security, CyberVor – a title they coined for the unnamed group, since “vor” is Russian for “thief” – used botnets to pull security data from over 400,000 sites visited by users.

“The CyberVors did not differentiate between small or large sites,” says the post. “They didn’t just target large companies; instead, they targeted every site that their victims visited. With hundreds of thousands [of] sites affected, the list includes many leaders in virtually all industries across the world, as well as a multitude of small or even personal websites.”

In short, if you visited a site, like, ever, you’re potentially a victim here.

However, if you took a few precautions, you may be less vulnerable. Joe Siegrist, the CEO and cofounder of password security company LastPass, says that there are some easy strategies that most people can follow to minimize the damage.

“Only people who use random unique passwords on every site have reduced their risk from this latest breach,” he says. “If you reuse passwords you are critically exposed.”

While Siegrist recommends that users take advantage of LastPass, it’s clear that at the very least users ought to have unique passwords for each and every site they use. Randomized passwords are best, of course, but if nothing else, reusing the same password and email combination across various sites makes users even more vulnerable to security breaches like this.

And now that these usernames and passwords have been obtained? It might not be a terrible idea to go ahead and start changing your passwords now.

[Source: Hold Security via CNET]