Hackers steal 1.2 billion passwords – 4 steps to take now

The New York Times reported this week that an organized Russian criminal group stole approximately 1.2 billion user name and password credentials associated with more than 500 million email addresses from hundreds of thousands of websites around the world. 

The article notes that the hackers used a large botnet (a group of computers that a hacker has taken control of for his or her own use) to probe websites methodically for vulnerabilities that would give the hacker access to the websites' databases containing sensitive information such as email addresses, user IDs and passwords. 

Although the victims have not been identified, there are certain steps you should consider taking, all in close consultation with your experienced IT staff.

  • Force all users in your organization to change their network access password.  Encourage them to create strong, new passwords that do not resemble their old passwords.  In the event that login/password credentials for your entity were compromised, this will help minimize harm that these hackers could cause. 
  • Remind users not to allow their web browsers to store/save their passwords.
  • Advise your employees/staff/volunteers to change their personal passwords for social media, email, and financial accounts, especially if they tend to use the same password to log into work and personal accounts.  Remind them to use two-factor authentication where sites offer it (many banks, email providers and social networking sites offer this).
  • Engage IT to review security access logs to determine whether there is any evidence that login/password credentials have been misused to gain access to your organization’s network. 

There are other steps you can take, and we encourage you to consult with your IT staff.

 

 

 

 

 

Topics:  Cyber Attacks, Data Breach, Data Protection, Hackers, Russia

Published In: General Business Updates, Criminal Law Updates, International Trade Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© DLA Piper | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »