If you have a Gmail, Yahoo or Hotmail account, you need to change your password, now. According to multiple sources, Russian hackers have a database containing in excess of 200 million username/password combinations for the aforementioned services.
And it’s for sale.
Millions of Victims
The Russian hackers behind the login details theft didn’t just take credentials from Gmail, Yahoo and Hotmail. The largest email service in Russia was hit even harder, according to Hold Security.
Hold Security negotiated with a Russian hacker who had the database. The security firm says that it does not pay for stolen data and, generally, its representatives go through a long song and dance to get it from the thieves.
This particular thief wanted 50 roubles, which is less than US$1, for the data. Nonetheless, Hold Security persisted and was eventually able to get the data in return for putting Likes on the hacker’s social media pages.
Hold Security is still analyzing the purloined data, but it’s a massive collection that, according to their blog, includes more than 1 billion (with a “b”) stolen credentials.
Password Safety
If you still haven’t changed your password to any of the services mentioned, you should do that right now; this very moment. Whenever a password is used too long, no matter how secure the service it’s used on may be, there’s a chance that it could be out there, for sale, and that someone might decide to make you the next victim of identity theft.
Being Safer
There’s no such thing as perfect security, but you can do a lot to protect yourself from being victimized by password theft schemes and other forms of online exploitation.
First and foremost, make sure you use secure passwords for everything. Your password should never be a dictionary word. A nonsense string of numbers, letters of both cases, and symbols is always your best bet for security. Make sure it’s at least eight characters long.
If you have a hard time thinking up good passwords, go ahead and use any of the many free tools out there for creating strong ones. Norton has a free, downloadable tool you can use.
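An added example, not part of the original article: a short Python sketch of the rules above (at least eight characters, digits, both letter cases, symbols, no dictionary word) using the operating system's secure random source. The function names, the 16-character default and the tiny word list are assumptions made for illustration.

```python
import secrets
import string

# Character classes named in the article: both letter cases, digits, symbols.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
MIN_LENGTH = 8  # the article's stated minimum

# Constructed sample list; a real check would load a full dictionary
# or a list of passwords already seen in breaches.
SAMPLE_WORDLIST = {"password", "sunshine", "dragon", "letmein", "football"}


def meets_policy(candidate, wordlist=SAMPLE_WORDLIST):
    """Return True if the candidate follows the article's password rules."""
    if len(candidate) < MIN_LENGTH:
        return False
    # Every character class must appear at least once.
    if not all(any(ch in cls for ch in candidate) for cls in CLASSES):
        return False
    # "Password1!" is still a dictionary word with decoration: strip the
    # non-letters and compare what is left. Letter-for-symbol swaps such as
    # "@" for "a" are not caught by this simple check.
    letters_only = "".join(ch for ch in candidate if ch.isalpha()).lower()
    return letters_only not in wordlist


def generate_password(length=16, wordlist=SAMPLE_WORDLIST):
    """Draw random strings until one satisfies the policy.

    Rejection sampling keeps every compliant password equally likely,
    unlike forcing one character of each class into fixed positions.
    """
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES)
    while True:
        # secrets uses the OS CSPRNG; the random module is predictable.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_policy(candidate, wordlist):
            return candidate


if __name__ == "__main__":
    print(generate_password())
```
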
Of course, remembering all those passwords is a chore. You can use free tools like KeePass, which will also generate passwords for you, to store yours. LastPass is another popular option.
Never use the same password on two different sites. Make sure you change your password at least every few months, preferably sooner. If you have very serious security concerns, you might even want to change them weekly.
Use Encryption
Encryption is one of the best tools out there for protecting your safety and privacy. We’re not talking about defeating the NSA here. As recent stories have shown, if intelligence agencies want into something, they’re probably going to make that happen.
For everyday users who want protection from hackers, identity thieves, snoopy law enforcement agencies and intrusive marketing, however, there’s nothing better than encryption.
The most accessible way to get it is to use a VPN. Since we specialize in VPNs around here, we have lists of providers broken down by various applications. Browse through the list that best suits your needs, pick a provider and get in the habit of using your VPN service. It’ll make a huge difference in your overall levels of online privacy.
Look for 256-bit encryption, OpenVPN access and, if you’re not particularly technically inclined, a good client. VyprVPN and IPVanish are both excellent in all the listed ways, and in almost every other regard.
If You’re Really Worried
As was already said, there’s a certain level of security that you’re not likely to get without a lot of education in networking, programming and digital security. However, if you want the most secure possible setup, consider going with a Linux operating system, using a VPN, and encrypting your drive and your emails.
That level of security might be too inconvenient for most people but, if you’re particularly at risk for being hacked or having your data stolen, it might be the best bet.
Otherwise, a commercial VPN service and regularly changing your passwords should keep you safe from most threats, so make sure you use both strategies!
W. A. Ott says
‘Russian Hackers’, ‘multiple sources’.
Propaganda bullshit Joseph Goebbels style.
More likely NSA/CIA/FBI/GSHQ or other really evil institutions.