This post originally appeared on All You.
Cybersecurity firm Hold Security broke the news that 1.2 billion unique usernames and passwords have been stolen by Russian hackers. (If the name “Hold Security” sounds familiar, it’s because they also discovered Target’s big data breach back in December.) According to Time.com, this is the largest known collection of usernames and passwords ever stolen.
The crime ring, which Hold Security is referring to as “CyberVor” (vor means “thief” in Russian), is most likely planning on using the stolen credentials to send junk mail and spam. The firm believes that the usernames and passwords are connected to more than 540 million email addresses and were stolen from over 420,000 websites. And the hackers didn’t just go after big companies: according to the security blog, “CyberVors did not differentiate between small or large sites … they targeted every site that their victims visited.”
We spoke with online security expert Robert Siciliano to find out what this news means for you and how you can protect your information.
How will I know if I was hacked?
“Most people won’t know, because attackers often sneak in and out undetected,” Siciliano explains. “Otherwise, having updated antivirus running and doing a scan will tell you if there’s any malware. But it would generally take a forensic expert to detect an attack that doesn’t involve malware.” In other words, you probably won’t be able to tell if your information has been compromised, so it’s a smart idea to change all your passwords just to be safe. (Don’t forget to use different passwords for each site—having the same login for everything makes you more vulnerable to future attacks.)
Should I stop using credit cards online?
“No. I use my credit cards all the time,” says Siciliano. But when shopping online, he recommends making sure a website has https in the address bar (this signifies that the site is safe) and checking your bank statements frequently to look for suspicious activity. To monitor your accounts in real time, “download your credit card company’s mobile application and set up text alerts for all charges.”
How often should I change my passwords?
“At a minimum, annually. Every six months is smart and quarterly is brilliant,” Siciliano says. “Otherwise, as long as you have different passwords for each site, your accounts should be good at least until the next breach.”
What else can I do to keep my information safe online?
Unfortunately, “we don’t have control over our data on other websites or databases,” says Siciliano. “But we can keep our devices secure with antivirus, anti-spyware, anti-phishing and firewalls. Keep your wireless devices protected with a tool called Hotspot Shield, which encrypts wireless communications.”
Are there password apps that can help?
Siciliano likes McAfee LiveSafe’s password manager tool, which is built into their antivirus product ($79.99, mcafee.com). But password manager apps for your smartphone will do the trick, too. A few highly recommended ones we found: 1Password ($17.99, Apple), LastPass (free, Apple and Android) and oneSafe ($9.99, Apple and Android).