The CyberVor hack was the largest ever breach of personal identity information so far —larger than the Adobe breach, larger than the Target breach, larger than the eBay breach.
What this means to you, Dear Reader, is that you are probably a victim of this attack either directly or indirectly. Your username and password credentials to one website or another are either compromised already, or are likely to be at some point in the future because the site admin’s credentials have been stolen.
What happens next is the Bad Guys typically sell their stolen passwords on the black market to other Bad Guys, and pretty soon a small army of hackers will be looking for ways to use these 1.2 Billion stolen credentials to log into bank accounts, hack into e-commerce accounts, and otherwise find ways to siphon money.
So what should you do?
It’s a pain, but you should change your passwords—systematically and thoroughly. Here are six suggestions to help you:
- Adopt a strategy of one password for each site. Website breaches will always be with us so, this way, if a website is hacked you only lose that one password.
- Make a list of your most important sites and change them first. Financial sites, such as your bank, and high-frequency sites, such as Facebook, iTunes, Amazon or Twitter, are more important to change than others.
- Change your email account passwords. Emails are frequently used for password recovery from websites, so a criminal can request a password reset from your bank account, and quickly access your email and be in your bank account before you know it.
- Turn on two-factor authentication for any website that offers it.
- Invest in a password manager. It’s safer than writing them down, and easier to organize.
- If you really want to be safe, adopt a habit of changing your passwords periodically, even if it’s only once or twice a year.