Should We Worry About 1.2bn Stolen Passwords?

On Tuesday, a scary finding caused panic in the media – Russians hacked 1.2 billion passwords from more than 420,000 websites and emails around the world. Large companies, world leaders, as well as regular users and their credentials were compromised. But is that really true? And should we worry too much?

The shocking finding was announced by US firm Hold Security, which specializes in discovering breaches. But cyber security experts have expressed doubts over the company’s claim – very little data has been released, and what we know so far lacks detail. According to the report, a Russian gang, called CyberVor, hacked over 4.5 billion user credentials, including 1.2 billion usernames and passwords. They are said to have stolen the information from more than 420,000 websites and email accounts. While this is merely unpleasant news for most users, companies should be concerned.

However, the report also claims that the affected companies have been notified of the security breach. Usually, in that case, firms go public, urging their users and customers to change their passwords. The interesting thing is that, so far, no major company has expressed concern about being hacked. Experts say that it may be just too soon for firms to announce being compromised. The other alternative is quite simple – the claim isn’t true. After all, Hold Security is a small company that needs attention. It offers its clients a commercial “breach notification” service – you can see if you have been hacked, but only after you pay a fee.

So, there is no need to panic, at least not yet, over the massive password theft. Security specialists recommend that those who suspect their emails or other accounts have been compromised change their passwords. There are several things you can do to avoid being hacked, but the best alternative is simply to fortify your password.

Use long passwords. The minimum is usually 8 characters, but you should use at least 14-15. Try to make it as long as possible. Of course, a combination of letters and numbers is best, but make guessing the password even harder by using both upper- and lower-case letters. Avoid existing words, even when you add numbers and symbols – for instance, “hutrmpght459rmxus” is much stronger than “password123”. A nice trick is to add numbers in the middle of words, as in “pass123wor456d789”, or to replace letters with symbols and numbers. For example, the number zero can be used instead of the letter O, while for S, you can try the dollar sign.

Experts also say we shouldn’t use easy-to-guess words and expressions such as “password”, your name, or “qwerty123456”. Passwords like “god”, “admin”, “abc123”, “iloveyou” and “trustno1” are also among the most common; in other words, they are extremely easy to guess, even without specialized software.
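
A checker for the rules above, as an added example (not code from the original article or from Hold Security): it applies the length and character-mix advice, then undoes the 0-for-O and $-for-S substitutions and strips digits to see whether a password still reduces to one of the common words listed. The function names, the 5-letter cutoff for base words and any test passwords not quoted in the article are assumptions made for illustration.

```python
import re

# Passwords the article names as among the most common.
COMMON = ["password", "qwerty123456", "god", "admin",
          "abc123", "iloveyou", "trustno1"]
# The article's substitutions, reversed (symbol -> letter).
UNSUBSTITUTE = str.maketrans({"0": "o", "$": "s"})
MIN_LENGTH = 14  # the article's recommended minimum


def normalize(pw):
    """Lowercase, undo the substitutions, then drop every non-letter."""
    return re.sub(r"[^a-z]", "", pw.lower().translate(UNSUBSTITUTE))


# Base words left after normalizing the common list. The 5-letter cutoff
# is an assumption that keeps short fragments ("god", "abc") from matching
# by accident inside longer passwords.
BASE_WORDS = sorted({normalize(p) for p in COMMON if len(normalize(p)) >= 5})


def check_password(pw):
    """Return a list of problems; an empty list means every check passed."""
    issues = []
    if len(pw) < MIN_LENGTH:
        issues.append("too short")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        issues.append("needs upper and lower case")
    if not re.search(r"\d", pw):
        issues.append("needs a digit")
    if pw.lower() in COMMON:
        issues.append("common password")
    # Digits inserted into a word, or 0/$ swapped in, leave the word intact
    # once normalized, so a guesser trying the same variations still finds it.
    hits = [w for w in BASE_WORDS if w in normalize(pw)]
    if hits:
        issues.append("built on common word: " + ", ".join(hits))
    return issues


if __name__ == "__main__":
    # The first two samples are quoted in the article; the rest are constructed.
    for sample in ["hutrmpght459rmxus", "pass123wor456d789",
                   "Pa$$w0rd2014Pa$$w0rd", "god", "Hq7vTzr4mLwx9Kpd"]:
        print(f"{sample!r}: {check_password(sample) or 'ok'}")
```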
