Russian hackers steal billions of passwords & how to protect yourself


Reports have confirmed that a Russian crime ring is responsible for collecting the largest cache of stolen Internet credentials in history.

The New York Times reported that a Milwaukee-based firm, Hold Security, uncovered the stockpile of 1.2 billion user names and corresponding passwords and over 500 million email addresses from over 420,000 different websites. The firm has named the hacking ring “CyberVor”, and says the sensitive information was lifted from online companies ranging from the largest to the smallest. However, the names of the specific businesses targeted have yet to be released because of non-disclosure stipulations.

The group, composed of fewer than 12 men, all in their 20s, operates out of a small city in south central Russia. They collect data using a complex system of “botnets” that can determine whether a website is vulnerable. The same New York Times article indicated that the hackers are not selling the information on the black market, which they certainly could do, but instead are using the information to spam victims for a fee.

Here are some tips on how to minimise your online vulnerability by strengthening and diversifying your passwords. Many websites are now requiring users to fulfill some of these criteria, and are enabling secondary forms of password protection, such as the

  • Make each password at least eight characters long, and don’t hesitate to make it far longer. Try 15 or 20 characters if possible.

  • Avoid using obvious words such as names, dates, places or addresses that could be connected to your identity.

  • Avoid using complete words altogether. Try splitting up a single word with numbers or other characters.

  • Use a totally different password for every account. It may sound laborious, but it will help prevent the theft of all of your credentials in the event one website’s security is compromised. Make a spreadsheet of all of your passwords, preferably using old-fashioned pen and paper. If it is electronic, be sure to save the document in a hidden place, and label it something misleading and unappealing.

  • Use a variety of characters such as numbers, lower and upper case letters, and punctuation marks, if permitted.

It is becoming more and more apparent that, in the battle for internet security, websites are forced to adapt to advancing hacking strategies retroactively, so it is more imperative than ever to take precautions to minimise your chances of being targeted.