Another high-profile internet attack has been found. The New York Times reports that a Russian gang has collected over 4.5 billion records from various sites across the web.
The data breaches were discovered by security firm Hold Security. They discovered that personal information including usernames and passwords were extracted from 420,000 websites. They are holding off on disclosing which sites were compromised to allow them to patch the vulnerabilities.
The attacks were not US specific, but from all over the world. The Russian hackers didn’t target only high-profile companies but smaller sites as well.
The hackers have not sold its stockpile of over 1 billion unique passwords and 542 million emails. Instead, they’re using the compromised accounts to spread spam on social networks. If you notice this spam on your social networks, you or one of your friends may have been affected by this breach.
Too early to panic
It’s still too early to gauge the extent of this hack. Hold Security is still working to alert sites of the vulnerability, with many already made aware.
While no payment information seems to have been exposed, it’s quite easy for hackers to obtain this information if your bank passwords are compromised. The hackers can also use your personal information to steal your identity.
Audit your online security
Although we don’t know the full details about the hack yet, you can still take action to make sure you haven’t been hacked. Make sure you don’t use the same password on different sites. Use a password manager to keep track of your unique and randomized passwords.
Double check your bank statements to make sure no fraudulent charges have been made. If your bank offers two-factor authentication, enable it to make it harder for hackers to get into your account.
If you want more peace of mind, sign up for a credit monitoring service like AllClearID or Lifelock but they’re only helpful in detecting fraud, not preventing it.
You can freeze your credit so that thieves cannot open new credit card accounts under your name. Freezing your credit prevents credit companies from checking your credit history, blocking all new applications. This isn’t ideal for those who are looking to take out loans for a house or car.
For more info, Krebs On Security has a great article about credit monitoring and how you can protect yourself.
This is a developing story and we’ll be posting updates about it so stay tuned.
Source: New York Times | Hold Security
Header image credit: David Goehring [Flickr]
Related Stories
Instagram apps are vulnerable to account hijacking
Canvas fingerprinting web tracking tool isn’t the end of privacy
BitTorrent Bleep secure chat client stops snooping
Software Clinic: “How do I permanently delete a file?”
App of the Week: Yet Another Cleaner
Follow Lewis on Twitter: @lewisleong
