1.2 Billion User Names and Passwords Stolen in Massive Hack, Security Firm Says

Advertising Disclosure: When you buy something by clicking links on our site, we may earn a small commission, but it never affects the products or services we recommend.

Image Not Available

Russian hackers have collected 1.2 billion user name and password combinations and 500 million email addresses, according to a security firm.

The massive hack was discovered by Milwaukee-based Hold Security LLC after seven months of research, Bloomberg said. Hold Security said in a news release that the Russian cyber gang responsible for this is now in possession of the largest known cache of stolen data.

More than 420,000 Web and FTP sites were likely targets, the private security firm said. The hacking scheme targeted websites of all sizes, including personal websites.

According to The New York Times:

“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” said Alex Holden, the founder and chief information security officer of Hold Security. “And most of these sites are still vulnerable.”

Hold Security said it will not name victims of the breach because of that vulnerability.

So what are the Russian hackers doing with the stolen information? According to Time:

As of now, the criminals have not sold many of the records online, and instead are giving the information to third parties to send spam on social networks like Twitter. They’re then collecting fees for their work. So far, it doesn’t appear to be a complete disaster for Internet users, but it leaves a lot of people very vulnerable.

The sheer size of this hack has brought standards of identity protection on the Web into question, the New York Times said.

“Companies that rely on user names and passwords have to develop a sense of urgency about changing this,” said Avivah Litan, a security analyst at the research firm Gartner. “Until they do, criminals will just keep stockpiling people’s credentials.”

Though you likely won’t find out if your user names and passwords were stolen in this breach, it’s still a good idea to take steps to protect yourself, Time said.

It’s probably a good idea to change your password now. And if you use the same passwords for multiple websites — don’t. Reusing passwords is not a good idea because it makes it that much easier for hackers to get into many of your accounts and access key information like your credit card data. Security experts recommend regularly changing your passwords anyway.

What do you think about the latest cybersecurity breach? What do you do to protect your Internet credentials? Share your thoughts below or on our Facebook page.

Get smarter with your money!

Want the best money-news and tips to help you make more and spend less? Then sign up for the free Money Talks Newsletter to receive daily updates of personal finance news and advice, delivered straight to your inbox. Sign up for our free newsletter today.