We’ve been here before. A cyber security breach is found. Users are warned. And we’re all left wondering if we’re among those affected.
This breach du jour is a bit different.
According to The New York Times, a small group of Russian hackers have amassed 1.2 billion stolen passwords, user names and email addresses from more than 400,000 websites in countries around the world.
Cyber security specialist Stephen Cobb with ESET in San Diego said it's the depth of the breach that's so alarming.
“If they’ve gotten information from over 400,000 websites, that means there’s a lot of small-business websites that are included," Cobb said.
For perspective, last year’s Target credit card security breach affected around 100 million users. This breach affects more than 10 times that many.
"So that is worrying for a broader range of businesses than we’ve seen in previous revelations, and a broader range of consumers,” Cobb said.
To keep yourself safe, he recommends a few immediate steps. If you have a website, get your information technology chief to check the site’s server traffic. If Cobb’s right, this is how Russian hackers scraped the server for login credentials:
"Every few seconds there’s an attempt to 'brute force' access your web server, and these are attempts to guess the password to get on the server itself," Cobb said.
And if you’re a user, he said you should update your passwords and don’t use the same one twice.
Sign up for two-step verification offered by most big companies such as Google, Facebook and Twitter. And get an antivirus program. Cobb said the one on his computer already has found an increased amount of malicious emails.
