1.2 billion stolen passwords? Figure yours is among them: Plain Dealing


1.2 billion stolen passwords? Figure yours is among them: Plain Dealing

The Cleveland Plain Dealer, Journalist

You know the drill. It’s time to change your password.

A Russian gang reportedly is holding a staggering 1.2 billion username and password combinations. The New York Times, which broke the story, said the gang amassed the data over time through social media engineering, from company websites and from other networks.

As colossal as that number is, we’ve been here before.

“They’re sending out all sorts of spamming emails … a common part of social engineering we’ve seen in the past,” says Greg Kelley of Vestige Digital Investigations, a digital forensics and security company.

Although some security pros suspect much of the gang-held data might be from previously announced breaches, it’s a good wake-up call for all of us.

According to the Times, the gang is using the account information largely to spam people — getting them to click on infected links that turn their computers into spam senders.

“They’re using all the tricks we’ve been warning people about,” Kelley said.

So let’s review:

  • Change your passwords now. Repeat every three months or so. Tuck numbers and symbols inside your passwords to make them tougher for hackers to crack.
  • Don’t use the same password for multiple accounts. Have separate shopping passwords, personal account passwords and work passwords – and make sure they’re all strong.
  • Consider using two-factor authentication if your email service has it. This feature texts you a short-lived code when you try to log in, and to complete the log in, you have to enter the code. (Takes one step more to log in, but Kelley says it’s a great tool for alerting you if someone’s trying to hack your account.)
  • Don’t click on links unless you know and trust the sender and know where the link will take you. (Hover over the link to see where it leads.) All those emails you get with no messages and only a link – they’re likely infected. And avoid those “OMG — you’ll never believe what happened” links on social media, too.
  • Set your email server to let you view email without opening it. That allows you to jettison bad stuff faster.
  • Install software updates asap. Many plug known security holes — and hackers pick off stragglers who dawdle.
  • Don’t respond to calls from techs warning you that your computer has been hacked. They’re not from Microsoft or Apple – they’re bad guys trying to get you to load malware on your computer.
  • Consider freezing your credit reports. In a world filled with data breaches, it will buy you some peace of mind. A freeze keeps someone from opening a loan or credit card account in your name. Find details at And maybe consider placing it by phone, rather than online.
  • Encourage your company to protect stored customer information. You don’t want your company to be associated with a hack. Ask Target, or P.F. Chang’s, or Adobe or ….

The Plain Dealer, Cleveland, OH  | Plain Dealing
By: Sheryl Harris