1.2 Billion User Names and Passwords Stolen in Massive Hack, Security Firm Says

What's Hot


How a Mexican Tariff Will Boost the Cost of 6 Common PurchasesFamily

Report: Walmart to Begin Selling CarsCars

How to Protect Yourself From the ‘Can You Hear Me?’ Phone ScamFamily

Trump Scraps FHA Rate Cut — What Does It Mean for You?Borrow

This Free Software Brings Old Laptops Back to LifeMore

10 Overlooked Expenses That Ruin Your BudgetFamily

Protecting Trump Will Cost Taxpayers $35 MillionFamily

8 Creative Ways to Clear ClutterAround The House

8 Tuition-Free U.S. CollegesCollege

Study: People Who Curse Are More HonestFamily

Tax Hacks 2017: Don’t Miss These 16 Often-Overlooked Tax BreaksTaxes

The 3 Golden Rules of Lending to Friends and FamilyBorrow

Porta-Potties for Presidential Inauguration Cause a StinkFamily

12 Surprising Ways to Wreck Your Credit ScoreBorrow

These Are the 25 Best Jobs in the U.S.Jobs & Work

A U.S. company said it discovered the hacking attack by a Russian gang during a seven-month investigation.

Russian hackers have collected 1.2 billion user name and password combinations and 500 million email addresses, according to a security firm.

The massive hack was discovered by Milwaukee-based Hold Security LLC after seven months of research, Bloomberg said. Hold Security said in a news release that the Russian cyber gang responsible for this is now in possession of the largest known cache of stolen data.

More than 420,000 Web and FTP sites were likely targets, the private security firm said. The hacking scheme targeted websites of all sizes, including personal websites.

According to The New York Times:

“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” said Alex Holden, the founder and chief information security officer of Hold Security. “And most of these sites are still vulnerable.”

Hold Security said it will not name victims of the breach because of that vulnerability.

So what are the Russian hackers doing with the stolen information? According to Time:

As of now, the criminals have not sold many of the records online, and instead are giving the information to third parties to send spam on social networks like Twitter. They’re then collecting fees for their work. So far, it doesn’t appear to be a complete disaster for Internet users, but it leaves a lot of people very vulnerable.

The sheer size of this hack has brought standards of identity protection on the Web into question, the New York Times said.

“Companies that rely on user names and passwords have to develop a sense of urgency about changing this,” said Avivah Litan, a security analyst at the research firm Gartner. “Until they do, criminals will just keep stockpiling people’s credentials.”

Though you likely won’t find out if your user names and passwords were stolen in this breach, it’s still a good idea to take steps to protect yourself, Time said.

It’s probably a good idea to change your password now. And if you use the same passwords for multiple websites — don’t. Reusing passwords is not a good idea because it makes it that much easier for hackers to get into many of your accounts and access key information like your credit card data. Security experts recommend regularly changing your passwords anyway.

What do you think about the latest cybersecurity breach? What do you do to protect your Internet credentials? Share your thoughts below or on our Facebook page.

Stacy Johnson

It's not the usual blah, blah, blah

I know... every site you visit wants you to subscribe to their newsletter. But our news and advice is actually worth reading! For 25 years, I've been making people richer without making their eyes glaze over. You'll be glad you did. I guarantee it!

💰🗣📰

Read Next: 6 Presidents Day Sales You Should Know About

Check Out Our Hottest Deals!

We're always adding new deals and coupons that'll save you big bucks. See the deals to the right and hundreds more in our Deals section.

Click here to explore 1,853 more deals!