Hackers steal 1.2 billion passwords – 4 steps to take now


The New York Times reported this week that an organized Russian criminal group stole approximately 1.2 billion user name and password credentials associated with more than 500 million email addresses from hundreds of thousands of websites around the world. 

The article notes that the hackers used a large botnet (a group of computers that a hacker has taken control of for his or her own use) to probe websites methodically for vulnerabilities that would give the hacker access to the websites' databases containing sensitive information such as email addresses, user IDs and passwords. 

Although the victims have not been identified, there are certain steps you should consider taking, all in close consultation with your experienced IT staff.

  • Force all users in your organization to change their network access password. Encourage them to create strong, new passwords that do not resemble their old passwords. In the event that login/password credentials for your entity were compromised, this will help minimize the harm that these hackers could cause.
  • Remind users not to allow their web browsers to store/save their passwords.
  • Advise your employees/staff/volunteers to change their personal passwords for social media, email, and financial accounts, especially if they tend to use the same password to log into work and personal accounts.  Remind them to use two-factor authentication where sites offer it (many banks, email providers and social networking sites offer this).
  • Engage IT to review security access logs to determine whether there is any evidence that login/password credentials have been misused to gain access to your organization’s network. 

There are other steps you can take, and we encourage you to consult with your IT staff.






DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© DLA Piper | Attorney Advertising
