On August 5th the New York Times announced the largest known theft of online login credentials. A group of Russian cyber criminals has amassed stolen usernames and passwords from over 1.2 billion accounts and 524 million email addresses. The data was uncovered in an 18-month investigation by a Milwaukee-based company called Hold Security. According to their report, the criminals got the information from over 420,000 sites of all sizes, many of which remain vulnerable.
Here are five things you can do to help ensure your information stays safe in the future.
1. Don’t use the same login information on multiple sites.
So far it appears the hackers have only used the stolen credentials to send spam on social media sites, but people often use the same usernames and passwords on other sites. According to the Internet security firm Symantec, the average user has 26 password-protected accounts but only five passwords. If you use the same login credentials on your bank’s web site or at online retailers that store credit card information, it’s like leaving the front door of your house wide open.
2. Protect your email password.
Email is so commonplace, we almost forget about it. But criminals can use your email account to wreak all sorts of havoc. If you’ve ever received an email from your bank or clicked a “forgot password” link on another site and forgotten to delete the message, anyone with access to your email account will know that you have an account on that site. Criminals can also glean personal information from your email account that they can use to commit identity theft. Treat your email password as you would the password for any high-security account.
3. Practice secure password policy.
Choose passwords that are difficult to crack. Do not use passwords based on personal information such as a child’s or pet’s name, your birthday or the school you attended. In today’s online world of social media, this information may not be as private as you might think. Choose a password that is at least 12 characters long and has a mix of numbers, symbols and uppercase and lowercase letters.
Symantec also found 38% would rather clean a toilet than make a new password, but secure passwords don’t have to be difficult to create and remember. Acronyms of phrases make excellent passwords that stay with you.
4. Change your passwords often.
Many of us are guilty of not changing our passwords often enough. Remember, there are many security breaches that go unnoticed or unreported. Make it a practice to update all your passwords at least every six months.
5. Be wary of follow-up scams.
Hackers often use compromised email and social media accounts to commit phishing scams, since people are more likely to open an email attachment or click a link in a message sent from a trusted source. Never open a link or email attachment you weren’t expecting, even if it supposedly came from someone you know.