Earlier this month, the NY Times reported that a Russian crime ring has amassed 1.2 billion user name and password combinations and more than 500 million email addresses from the Internet. According to security firm Hold Security, many of the sites from which the credentials were stolen are still vulnerable.
There is a concern among the security community that keeping personal information out of the hands of thieves is increasingly a losing battle. Last December, 40 million credit card numbers and 70 million addresses, phone numbers and additional pieces of personal information were stolen from Target by Eastern European hackers. This latest discovery, however, prompts security experts to call for improved identity protection on the web.
Read the full story online.
As a result of the large amount of usernames and passwords that have fallen into the hands of criminals, one NY Times reporter came up with a two-step plan to prevent hackers from getting into his online accounts. He contacted all of the companies with which he does online financial transactions to find out if they support multi-factor authentication. He writes about his experience here.
If you are concerned about your online accounts and whether they are secure enough, you may want to take some similar steps or be proactive in other ways. One suggestion I would make — until all companies offer multi-factor authentication — is to update your passwords on a regular basis and manage them using a password storage manager, either LastPass, 1Password or KeePass.