Heads up, guys: It’s time to change all of your passwords, again. The New York Times reported earlier this week that a small group of hackers in Russia has gathered what may be the biggest collection of stolen personal information – 1.2 billion username/password combinations and more than 500 million email addresses.
The breach was reported by Hold Security as being the largest in Internet history and, if that's true, it’s completely terrifying. However, The Verge called out Hold Security on their claim almost immediately, citing the fact that the hackers “eventually ended up” with the passwords and that at no point did Hold say that they actually stole them themselves. According to people who know way more than I do about this stuff, these guys didn’t do much more than scrape up the dregs of previous hacks that were scattered around the Internet.
The Verge also noted that the hackers are using the information to spam social networks, a move that they called “the dark web equivalent of boiling the bones for stock.” Basically, if these dudes got ahold of new, valuable info? They’d be selling that shit. Instead, they’re getting paid by low-level spammers to annoy your friends.
But, ultimately, we have no way of knowing if this data is old or new because Hold Security is keeping a tight lip. In fact, you won’t even know if your information is on the list unless you want to pay them $120. (See what they’re doing there? Shady.)
However, as annoying as it is to come up with new and different passwords for all of your sites, all the time, you have to do it. This is just the latest in a series of serious online security breaches and they’re only going to get worse as hackers become more sophisticated and we plebs offer up more and more of our information to online companies.
Take a minute to think about the many, many ways that you can be robbed online and you’ll realize that it’s time to stop being lazy and just do it already.
If you’ve avoided making different passwords because you can’t remember them, there are two things you can do. One, stop smoking so much weed. Two, sign up for a secure service that will remember your passwords for you. One great one is 1Password, which stores all of your passwords for you in a super secure online “vault” and also generates new, unique passwords for you every time you need one. If you’re not into their service, just google “password managers” and you’ll find a whole bunch of companies ready to help you out.
Password managers are a paid service, so if you’re hella cheap, see if your computer has its own built-in service. Mashable recommends iCloud Keychain for any Apple users who still use Safari and Firefox, and Chrome users can check out their browser’s version of the same service.
And if you’re just interested in DIY-ing the whole password process yourself, PC Mag recommends spelling words backwards, substituting numbers and symbols for letters (e.g. Emma becomes 3mm@), picking a pattern on the keyboard, or choosing the first letters of every word in a phrase or song that you like. The goal is to create something that isn’t guessable, isn’t common, and is totally unique to you. Check the strength of each unique password here to make sure you’re doing it right.
Whether it’s Russian hackers or the Heartbleed leak, your data is never truly safe online. Protect yourself as much as you can by doing the one thing that’s been proven to work: Be proactive about your passwords.