Hackers have struck again.
This time, a Russian hacking ring has allegedly stolen more than a billion online user names and passwords, including more than 500 million email addresses. They are believed to be selling those data to third parties on the black market, who use the information to spam Internet users.
It's unclear which websites the Russian hackers hit, but with so much stolen data, there's a chance you have been affected. On Wednesday, a day after news about the breach broke, several security experts issued tips on how consumers can protect their personal data.
"As more of our personal data is being exchanged and stored online, the risks posed to consumers by major security breaches has become all the more critical," New York Atty. Gen. Eric T. Schneiderman said. "As law enforcement pursues those who are responsible for these breaches, it is important that consumers remain vigilant. Taking a few key precautions can help keep you a step ahead of cybercriminals."
If you think you are a victim of this attack or any other security breach, here are steps you can take:
•Change your passwords. The theft of so many logins and passwords is dangerous because people often use the same sign-on information across many websites. Go to your most important online accounts (your email, bank, credit card, etc.) and update them with strong passwords that consist of lower- and uppercase letters, numbers and symbols. Also use different passwords for different accounts.
•Monitor your debit and credit card activity: Make sure all the purchases listed are ones you made. If they aren't, you might be a victim of identity theft.
If you suspect you're a victim of identity theft:
•Create an identity theft report: You can head to the Federal Trade Commission's website to create an Identity Theft Affidavit. Use that affidavit to file a police report and create an Identity Theft Report, which will help you deal with credit reporting companies, debt collectors and any fraudulent accounts that the identity thief opened in your name.
•Report to any of the three credit reporting firms (Equifax, Transunion or Experian) that you may have been a victim of identity theft: Make sure the credit reporting firm has your current contact information so it can get in touch with you.
•Ask the credit reporting firms to put a fraud alert on your credit file: A fraud alert is a signal to credit grantors that you may have been a victim of suspicious activity, so they know to take extra steps to verify the legitimacy of a request for new credit, extension of credit on an existing account, or issuance of an additional card on an existing account. Contacting any one of the three credit reporting firms is enough to file a credit alert with all of them. An initial credit alert must be renewed every 90 days. This will still allow you to use your credit card.
•Freeze your credit report: Notify the three credit reporting firms and put a freeze on your credit report, which means potential creditors cannot get your credit report. That makes it less likely an identity thief can open new accounts in your name. There may be a small fee associated with freezing your credit report. You can remove the freeze temporarily or permanently by contacting each of the three firms.
•Get a copy of your credit report: After freezing your credit report, ask the three credit reporting firms for a free copy; you're entitled to free reports once you post a fraud alert or put a freeze on your account. Read the reports carefully to see whether fraudulent transactions or accounts are listed, and then take steps to correct those errors.
•Dispute errors: If you find erroneous transactions or accounts, you will have to contact the fraud departments of the credit reporting firms as well as the businesses involved, explaining the error and your situation.
This week's hacking breach was the latest in a string of major online security breaches. Most notably, late last year millions of credit card numbers and other personal data were stolen from retail giant Target by Eastern European hackers.
This latest breach, perhaps the largest ever of its kind, targeted websites of both large and small companies as well as individuals.
Security experts stress that consumers should be vigilant even when a breach hasn't been reported and urge common sense when it comes to personal data.
For instance, do not write down or store passwords electronically. Be aware that any passwords stored electronically (such as in a word processing document or cellphone's notepad) can be easily stolen and provide cybercriminals with all your sensitive information.
If you hand-write passwords, do not store them in plain sight. Along the same lines, do not post any sensitive information on social media.
Avoid sharing your passwords with anyone, or revealing the answers to your security questions.
Times staff writer Salvador Rodriguez contributed to this report.