A group of Russian hackers has stolen the largest amount of Internet credentials in history. The stolen information includes 1.2 billion username and password combinations, as well as 500 million email addresses.
How did they do it?
The gang of cyber criminals built up their pool of stolen credentials over a span of several years. They started work on their illicit enterprise in 2011, when they began buying personal information on the black market. However, in April 2013, they advanced their capabilities.
Since then, the group has begun using botnets — networks of computers that have been infected by a virus — for stealing information on a gargantuan scale. By July, they were able to steal 4.5 billion records, each with a username and password. Although many of these records overlapped, Holden estimated that around 1.2 billion of them were unique.
According to the security firm, the hackers captured information from over 420,000 websites. The victims were from countries around the world, and ranged in size from small businesses to large corporations.
What you can do to protect your information
1. Change your passwords:
While there have been no announcements on which companies have fallen victim to the theft, this does bring home that businesses should be on their guard. First and foremost, those concerned about the safety of their records should change their passwords, making sure not to duplicate passwords for multiple sites.
2. Create unique passwords for every site:
Another crucial measure involves using a password manager tool. These applications create unique passwords for each site that a person visits, and then store them in a database secured by a master password. This decreases the likelihood of a person using the same password twice or choosing one that is too easy to hack.
3. Password authentication:
Managing passwords is only one part of the solution. While it is a good first step, it is often not enough on its own. Other security features such as secondary or two-factor authentication should also be used when the opportunity presents itself.
Websites that use this method will send users a message with a one-time code that they must enter before accessing the system.
While consumers should take care to protect themselves, information security companies, such as Dial a Nerd, are still the best method for stopping hackers.