What to do following email and password breach

BUFFALO, N.Y. (WIVB) – It’s being called the largest online data breach ever – and there’s a good chance it could affect you.

A cyber security firm says hackers in Russia have stolen more than a billion usernames and passwords. The thieves also have more than half a billion e-mail addresses. They collected the information from nearly half a million websites – big and small.

This breach really has nothing to do with how strong of a password you set. If you’ve signed up at any of the 420,000 websites affected. Chances are, the hackers have your password.

RELATED | Though a strong password wouldn’t have helped in this case, creating one does deter identity thefts. Find seven ways to create a stronger password here

Some people change their password more often than others.

“About twice a year,” Elizabeth Korangy said.

“Sometimes it’s every 60 days,” Beth Downing said.

Kasey Marchetti says she hasn’t changed her password in the 15 years since she first logged onto the internet.

But internet security experts are advising everyone to change passwords now – after the largest online data breach ever.

But who’s affected? The company that found the security breach isn’t revealing which websites were robbed, but it says the Russian hacker gang broke into 420,000 different sites.

It stole credentials for 542 million different email addresses. That could mean a half billion people, since many use the same email address everywhere they sign up.

“From all of my sources, it sounds like it is legit,” said Michael McCartney, president and CEO of Buffalo-based cyber security company Digits LLC.

He said the scariest effect of this breach could still be months away if the hackers use your email to get into your financial accounts.

“Maybe attempt to wire money from your brokerage accounts, purporting to be you,” McCartney said.

McCartney says you should change your passwords now and continue to do so frequently. Use strong passwords – that means words that don’t appear in a dictionary or words associated to you. And use different passwords for different websites. That’s something many people fail to do.

Some seem to be resigned to the fact that at some point they will be a cyber victim.

“I assume everything is easily hacked. And if someone wanted my information, they could get it,” Eli Sipos said.

blog comments powered by Disqus