The Russians have definitely come…in the world of cybercrime. A Russian ring of hackers has amassed 1.2 billion stolen passwords and usernames involving 400,000 websites. The criminals have also garnered 542 million e-mail addresses.
And these Russians didn’t discriminate: Any website they could bust into, they did, ranging from big U.S. companies to little websites—anything. Most of these sites remain vulnerable.
Apparently, the thieves are not working for Russia’s government (which rarely goes after hackers anyways), nor have they sold the stolen information…yet. They’ve been paid by third-party entities who want to send out spam.
This gang of thieves operates like a business, with some doing the programming and others doing the stealing. The crooks use botnets to scope a site’s weaknesses, then plow in there.
This massive breach has called attention to the reliance that businesses have on usernames and passwords; this will need to be changed.
Tips for Preventing Getting Hacked
- Say NO to clicking on links inside e-mails, even if the apparent (note “apparent”) recipient is your bank or a friend.
- URL security. Trust only sites whose URL starts with a padlock icon and “https.” An “http” won’t cut it.
- Two-step verification. If your financial institution offers this, then activate it. Call the bank if its website doesn’t have this information.
- Online banking. If possible, conduct this on a separate computer just for this purpose.
- Change the router’s default password; otherwise it will be easy for hackers to do their job.
- Wired ethernet link. This is better than a powerline or Wi-Fi for protection. To carry out an ethernet attack, the thief would probably have to break into a home and set up a device, whereas Wi-Fi data can be snatched out of the air, and powerline data can leak into next-door.
- Encryption. If you must use Wi-Fi or powerline networks, encryption will scramble data, but a hacker can crack into Wi’Fi’s WEP.
- Say no to third-party Wi-Fi hotspots.
- Security updates. Keeping up to date will guard against hackers who use a keylogger to figure out your keystroke pattern—which can tell him your passwords.
- Hotshot Shield; This service protects you from fraudulent activity when you’re working online in an unprotected network (wired or wireless), such as at airports, hotels or coffee houses.
- Get identity theft protection. Generally your identity is protected from new account fraud. Many of the services monitor your data on the dark web.