Remember the Target data breach from last year? That was 110 million credit cards. Compared to today’s news, that was child’s play. Today it looks like a Russian hacking ring has just upped the ante a bit by amassing 1.2 billion username and password combinations. From the New York Times:
A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion username and password combinations and more than 500 million email addresses, security researchers say.
The records, discovered by Hold Security, a firm in Milwaukee, include confidential material gathered from 420,000 websites, ranging from household names to small Internet sites. Hold Security has a history of uncovering significant hacks, including the theft last year of tens of millions of records from Adobe Systems.
That’s 1.2 billion username and password combinations and more than 500 million email addresses. According to World Internet User Statistics there were approximately 2.5 billion users worldwide at the end of 2012, so 500 million email addresses is equivalent to about 20% of that population. One in five of us has an email account that is totally and completely owned by a Russian crime syndicate.
What you can do right now
Here are a few steps that you should consider taking immediately:
- Change your passwords, and commit to changing them regularly. Everywhere. I know, it’s a pain in the neck, but you need to start using a secure password wallet that generates secure (and distinct) passwords for every service you use, and you need to use a tool that will remind you to change your passwords.
- Turn on two-factor authentication for anything that supports it. Two-factor authentication is available for Facebook and Gmail, and you should turn it on. With two-factor authentication it becomes much more difficult for hackers to get to your accounts because they will also need to gain access to your mobile device. Note that two-factor authentication can be irritating at times, but, trust me, getting hacked is a much bigger problem than the inconvenience you’ll experience by needing to verify your Facebook logins from your smartphone. Virtru supports two-factor authentication.
- Start using Virtru. Right now. If you are an individual, go ahead and install the browser plugin, and if you are a business you should consider adding Virtru for Business to your Google domain. If you send email with Virtru you can revoke and control messages, everything is encrypted, and you can take measures to protect yourself in the event that, say, a criminal Russian gang compromises 40% of the internet’s email.
This is no joke. The time to sit back and just nonchalantly ignore news of yet another hacking story is long gone. Businesses need to create more secure systems than simple, hackable passwords, and the entire industry needs to rethink its approach to security. Meanwhile, you need to start taking more responsibility for the sensitive data you are sending both in your personal lives and at work.
Today is a good day to start sending secure email by default. Use Virtru to make sure that your data is secure and will remain under your control no matter who hacks the entire internet tomorrow.