1.2 Billion Reasons to Change Your Password

If you are like me, you find it very annoying to be required to frequently change your password for your computer or for an online application. However, it is a simple way to limit your exposure to identity theft and financial fraud. And it is more important to do than ever.

According to Hold Security LLC, a Milwaukee based security and risk management firm, a group of Russian hackers have amassed a database that consists 1.2 billion sets of login credentials associated with 500 million unique email addresses. That’s scary enough to get the attention of not just the tech media but the mainstream. Headlines have blared the news from such media icons as the NY Times, Washington Post to Bloomberg.com.

Is the threat from these hackers as scary as the headlines make it appear?
Well yes, and maybe not.

Looking on the bright side, much of the data is certainly dated. Every time a user changes their password or email address it becomes less usable.

However, these hackers are not accumulating the data just to set some record for mass storage. It can be used for a variety of nefarious schemes. It’s not just that they might be able to log into your account at a web site. This type of data can be used in phishing schemes to craft credible looking emails that attempt to trick users into downloading malware or visiting a malicious site. That’s one of the popular ways hackers use to acquire login credentials and commit financial fraud.

Hold has indicated that the Hackers, a group of about 20 in southern Russia, are actually marketing this data to other criminals as a way to “monetize” their asset.

What’s a Person to Do?

Good Password Management: As mentioned above, frequently changing passwords limits exposure when credentials are stolen. In addition, strong passwords that includes a mixture of upper case, lower case, alpha, numeric and special characters is also very important to stop hackers. It seems like a nuisance, but it better than having your bank account drained!

Vigilance: The best way to avoid being a victim of internet fraud is to pay close attention to email you open for signs of phishing. Are you sure you know the sender? Is the sender’s email really from the domain indicated? As simple right click on email and URL addresses will tell you.

Whenever you are at a web site where you enter personal data, make sure you check the URL address to make sure it is from the expected domain. You might think you are mybank.com, but hackers may have sent you to mybank.com.ru hoping you won’t notice the difference.

Importantly, the URL will tell you if the site is SSL secured by displaying “HTTPS” instead of “HTTP”. Even still, you should look for an indicator on the address bar that site is only domain validated. That is a low level of identity assurance and should raise a red flag in your mind to question the sites trustworthiness.

Sandboxing and Comodo Security: Running your browser in a secured, isolated system area called a sandbox is one of the very best ways to protect yourself against malicious downloads that could place your credentials at risk

Not only does Comodo Internet Security include that capability, it is the ONLY security suite that operates with a Default Deny architecture that will never allow a malicious program to be run by the system. If the file cannot be verified as safe, it can only run in a safe sandbox area. You are protected no matter what.