An astounding and scary cyber-security breach is rocking the Internet.
A Russian crime ring of fewer than a dozen hackers has stolen the largest known collection ever of online credentials — 1.2 billion user name and password combinations and more than 500 million email addresses. A Milwaukee company discovered the theft.
This latest huge breach confirms fears that keeping our personal online information out of the hands of thieves is becoming a losing battle.
In December, millions of Americans were hacked when their information was stolen from the retail giant Target by a gang in Eastern Europe. But the size and scope of this latest discovery are prompting security experts to sound the alarm about the critical need for improved identity protection on the Web.
Ray Hollister, general manager of Bold City IT and the host and producer of our popular Deemable Tech podcast and show on WJCT-FM, joined Melissa Ross for more on what people need to know to keep data secure.
"What they did was program botnet viruses that turned infected computers into machines that would then attack other computers and websites," said Hollister. "This approach made it possible for this small team of less than a dozen men to collect such a large bounty."
So who should be concerned?
"If you are already following best practices for online security by using strong, secure, unique passwords on every site that you use and using two-step authentication wherever possible, you don’t need to panic," he said.
"However, if you are like most people and you use the same password on multiple sites, you need to be concerned. It is time to stop making excuses and set up strong, unique passwords for every site you use."
Here are some helpful tips from Ray Hollister for securing your online accounts.
- Never use passwords that can be connected to you, such as pets’ names, anniversaries, birthdays, etc.
- Never use words that can be found in the dictionary. This is one of the easiest ways for a password to be hacked.
- Do use as complex a password as the website will allow. Use upper case letters, lower case letters, numbers and symbols.
- Do use as long a password as the website will allow.
- Use a unique password on every site that you access. You wouldn’t hand out your house key to strangers, right? Don’t share your password with multiple websites.
- Store your passwords in a secure, encrypted database like LastPass, Dashlane, 1Password or KeePass.
And if you don’t want to store your passwords in a database, just write them down.
"Storing them in a paper notebook is much more secure than using the same password on multiple sites. If someone steals your notebook out of your house, you probably have bigger problems than someone breaking into your online account. They’re probably stealing your computer too!"
A healthy bit of skepticism
At this point, Hold Security has not disclosed which websites or email accounts were affected. Hold Security is, however, offering a Breach Notification Service for $120 a year to determine if a business is a victim of the CyberVor breach and an Identity Protection Service for individuals.
Vanja Svajcer, principal security researcher at Sophos, a rival company, has expressed surprise at this, saying, "For a long time the security industry has freely shared information on breaches within its own community."
Dr. Steven Murdoch from University College London's computer science department said in an interview with the BBC, "This situation is quite unusual in that the company has decided to charge for this information. Usually they would do an initial disclosure [of who had been affected] for free, and then offer their services for a fee at a later stage."
Meanwhile, much like hurricane warnings in Florida, Hollister adds that many people are feeling burned out from all of the news of the recent data breaches. They have become desensitized to the severity of the news. That doesn’t reduce the necessity to be prepared.
"Getting all of your online accounts in order takes time, but when the 'big one' does hit, being prepared by practicing online security best practices will reduce your chances of it impacting you."
You can follow Melissa Ross on Twitter @MelissainJax, and Ray Hollister @RayHollister