It’s being called “the largest data breach known to date,” according to Hold Security, the company that discovered the theft of 1.2 billion user names and passwords by a group of Russian cyberthieves.
Companies large and small were affected by the breach, but Hold says it won’t be revealing any names yet. As a result, it’s not clear whether any financial institutions are among the breached sites, and those are the ones that present the greatest risk to consumers. It’s also not clear whether the breached passwords were in plain text or “hashes” form. The latter is the way most companies and websites store account holders' passwords, and it poses less danger to individuals because it requires considerable time to decode them.
What can you do to protect yourself in the meantime? For starters, focus on changing the passwords for sites that involve your financial accounts. Make sure those passwords are extra strong. We’ve got some suggestions here. We’ve also got some recommendations for great software packages that keep your info safe from thieves. Finally, check out this video on how to keep your online passwords safe and manageable.
Make sure your computer is protected from malware with our buying guide for security software.
Hold Security says it will be providing an identity-monitoring service to individuals affected by the breach within 60 days. The company’s site says anyone can preregister free, but it’s not clear whether that service will be offered free. We tried to contact the company to find out but have not yet received a response to our query. We’ll update you when we find out more.
—Donna Tapellini
Consumer Reports has no relationship with any advertisers or sponsors on this website. Copyright © 2006-2014 Consumers Union of U.S.