A Russian gang has compromised and stolen over a billion credentials from 420,000 web sites, according to a new report by The New York Times and security research firm, Hold Security.
Hold Security reported on a similar hack back in February that may or may not be related to this one, but as of now, the firm isn't mentioning the names of any of the sites hacked because many of them are still vulnerable. Krebs is saying that the bulk of these are being used for spam. That said, right now it seems like the bulk of those usernames, emails, and passwords are being used to post spam on social networks, and haven't been sold to identity thieves or anyone else. Because of that, we're not suggesting you run out and change all of your passwords just yet.
With that in mind, it's a good time to double-check your password security and make sure everything's in order. Password tricks don't always work, but it's good to audit and check out your passwords now and again since the only secure password is one you can't remember. Here's a quick primer for getting started with our favorite password manager, LastPass (any other password manager like one of these will do the trick too):
If you're brand new to LastPass, head over to our beginner's guide to LastPass to get up and running.
If you're already using LastPass, our intermediate guide will help you go beyond the basics.
Of particular interest right now, you can use LastPass to audit and update your passwords. Their audit tool can reveal your least secure passwords, which passwords you're repeating on various sites, and more.
Russian Gang Said to Amass More Than a Billion Stolen Internet Credentials | The New York Times