{"id":3775,"date":"2014-08-06T12:38:27","date_gmt":"2014-08-06T16:38:27","guid":{"rendered":"http:\/\/me-en.kaspersky.com\/blog\/?p=3775"},"modified":"2020-02-26T18:58:56","modified_gmt":"2020-02-26T14:58:56","slug":"1-2-bln-password-leak","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/1-2-bln-password-leak\/3775\/","title":{"rendered":"What to do, if someone really stole 1.2 BILLION passwords?"},"content":{"rendered":"<p>Today the New York Times ran a story about how a criminal group allegedly <a href=\"http:\/\/www.nytimes.com\/2014\/08\/06\/technology\/russian-gang-said-to-amass-more-than-a-billion-stolen-internet-credentials.html\" target=\"_blank\" rel=\"noopener nofollow\">stole more than a billion passwords<\/a> and usernames\/emails from various web sites. This may sound like the biggest heist in Internet history, however, the exact details of the theft are not provided, and that made the security community a little skeptical.\u00a0 First of all, the public was not informed what sites were targeted. Technical details were absent as well \u2013 i.e. every security expert wants to know whether passwords were <a href=\"https:\/\/www.kaspersky.com\/blog\/the-wonders-of-hashing\/\" target=\"_blank\" rel=\"noopener nofollow\">hashed<\/a> or not. However, an ordinary user must know only one thing \u2013 is it time to act, and if so, what action to take.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2014\/08\/05111546\/passwords-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5642\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2014\/08\/05111546\/passwords-1.png\" alt=\"passwords\" width=\"640\" height=\"480\"><\/a><\/p>\n<p>Major providers don\u2019t send password change notifications, which may indicate that they are unaffected or don\u2019t expect negative consequences for end users. However, Hold Security, a company which publicized this research, claims that many affected web sites are small. These sites often don\u2019t have strict security procedures in place and users cannot expect a data breach notification from them.<\/p>\n<div class=\"pullquote\">You can minimize damage by making sure you have a unique password for each account.<\/div>\n<p>This alleged theft may be used as a good occasion to switch from incoherent password policies to more secure and systematic approaches.\u201dYou\u2019ve got no real control as a consumer when a breach happens at an online provider you use, but you can minimize damage by making sure you use a unique password for each account,\u201d explained David Emm, Kaspersky Lab\u2019s senior security researcher in the UK.<\/p>\n<p>Unique passwords are paramount to password security. Each password might be stolen either from a user\u2019s computer (e.g. using a keylogger) or from an online provider. Make sure that this password won\u2019t open the door to other important accounts.\u00a0 It is complicated to keep a long password list in your memory, so <a href=\"https:\/\/www.kaspersky.com\/blog\/managing-password-databases\/\" target=\"_blank\" rel=\"noopener nofollow\">password managers<\/a> are recommended. In addition, each password must be strong enough (you can test yours using our <a href=\"https:\/\/www.kaspersky.com\/blog\/password-check\/\" target=\"_blank\" rel=\"noopener nofollow\">free password checker<\/a>).<\/p>\n<blockquote class=\"twitter-pullquote\"><p>Password leaks happen on a regular basis, minimize damage by using unique passwords.<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2Fqn3h&amp;text=Password+leaks+happen+on+a+regular+basis%2C+minimize+damage+by+using+unique+passwords.\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p>For important accounts (banking, Gmail, etc.), the additional protection is highly recommended. These sites usually employ <a href=\"https:\/\/www.kaspersky.com\/blog\/what_is_two_factor_authentication\/\" target=\"_blank\" rel=\"noopener nofollow\">two-factor authentication<\/a> to make the password alone useless for thieves.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Data breaches have become a routine. It can happen to any site, any day. You can\u2019t prevent it, but there is a way to minimize the damage.<\/p>\n","protected":false},"author":32,"featured_media":3776,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,9],"tags":[20,22,78,1183,187,104],"class_list":{"0":"post-3775","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-tips","9":"tag-facebook","10":"tag-google","11":"tag-hackers","12":"tag-leaks","13":"tag-passwords","14":"tag-paypal"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/1-2-bln-password-leak\/3775\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/1-2-bln-password-leak\/3869\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/1-2-bln-password-leak\/4260\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/1-2-bln-password-leak\/4514\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/1-2-bln-password-leak\/4869\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/1-2-bln-password-leak\/5641\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/1-2-bln-password-leak\/4444\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/1-2-bln-password-leak\/4869\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/1-2-bln-password-leak\/5641\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/1-2-bln-password-leak\/5641\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/facebook\/","name":"Facebook"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/3775","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=3775"}],"version-history":[{"count":2,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/3775\/revisions"}],"predecessor-version":[{"id":15888,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/3775\/revisions\/15888"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/3776"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=3775"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=3775"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=3775"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}