By Cory Warren August 05, 2014

Russian Crime Ring Steals Billions of Passwords, Online Records

A Russian crime ring has gathered what may be the largest known collection of stolen Internet credentials, according to the New York Times. The data—more than 4.5 billion records in all—includes 1.2 billion username and password combinations and more than 500 million email addresses.

Such personal credentials can be used for identity theft. If you’re like many people, the password you use on one site may be the same password you use on many sites, so a breach like this can expose many of your accounts, including those that put you at financial risk — think bank and brokerage accounts.

The breach is huge and only the latest in a series. It’s important to protect yourself:

• Don't panic but assume the worst—that your personal information is among the stolen records.

• Change the passwords on your most important accounts, including online banking, credit card, brokerage, medical and other accounts just to be on the safe side.

• Use strong passwords.

• Do not use the same password on multiple sites.

• Always monitor your credit card and bank statements for fraudulent charges.

Even After Heartbleed, Many of Us Still Haven’t Changed Our Passwords.

14 May, 2014

By Jean Chatzky, Personal Finance Expert

It’s been more than a month since the Heartbleed bug made headlines. (For those of you who don’t remember, Heartbleed is a bug in OpenSSL encryption software. Left untreated, it allows hackers to steal data—including passwords and other consumer data—undetected.)

In the time that has lapsed, many of the biggest, most traveled sites on the Internet—Google, Facebook, YouTube and Yahoo among them—were fixed or “patched.” And many of those same companies have kicked hundreds of thousands of dollars into a fund devoted to improving security in open source programs like OpenSSL, working to help prevent this from happening again.

But what have you done?

Harris Interactive surveyed more than 2,000 American adults who are regularly online. What they found is that of those folks who had heard of Heartbleed, just half had changed their passwords. That means just one-third of people had changed their passwords overall. Why haven’t we? Some of us haven’t gotten around to it yet, others are overwhelmed. But far too many just aren’t worried.

When you consider how quickly data breaches (unrelated to Heartbleed) have been growing, that’s not particularly encouraging. The headline-making ones—Neiman Marcus, Michaels Stores, and the Target breach that just last week reportedly resulted in the ouster of the CEO—were just the tip of the iceberg. According to the Identity Theft Resource Center, there were 614 breaches in 2013. That’s a nearly 300% jump from a decade earlier.

Creating—and maintaining—strong passwords can be a great first level of defense. But many of us seem to be clueless about what that means. Earlier research showed that while 70 percent of people believe they use strong passwords (at least eight unrelated characters, a combination of letters, numbers and symbols in upper and lower cases) just 42 percent actually do.

So what do you do?

Update or change your passwords on sites that have your key information. That means banks, email accounts, social networking sites and file-sharing accounts (e.g., Dropbox). Try to get out of the habit of using the sort of words or other info a follower of your Twitter feed might stumble over (i.e., the names of pets, spouses and friends that survey found 29 percent of Americans build into their passwords). Set a reminder – or calendar alert – to change your passwords on a regular basis.

And if you’re looking for one easy-to-maintain/easy-to-remember solution that works for passwords everywhere, here’s my favorite: Come up with a sentence that you can remember because it makes sense in your life. Something like: My cousin Susan makes the best spaghetti and meatballs. Take the first letter of each word (including the caps) — McSmtbsam – then make some substitutions that are easy to remember: $ for the S, & for the a. What you come up with is Mc$mtbs&m. To solve the problem of different passwords for different sites, put the first letter in the name of the site in front of your password and the last letter in the name of the site behind it. So on Google, it might be GMc$mtbs&E.

August, 08 2014