In a crime of breathtaking scale, a ring of Russian hackers allegedly infiltrated 420,000 websites of companies ranging from small businesses to Fortune 500 firms, gathering personal information from hundreds of millions of customers: e-mail addresses, and user name and password combinations. Hold Security, the Milwaukee-based cyber-security firm that says it discovered the theft, is not releasing the names of the affected companies, due to nondisclosure agreements, but the New York Times reports that the company is “creating an online tool to allow consumers to see whether their records have been stolen.” But since the tool isn’t ready yet, your best course is to assume your information has been hacked. While that doesn’t mean you will automatically suffer ill consequences, you might still want to protect yourself by taking these measures.
• Change your password. This is especially crucial on sites that retain your credit card information or other sensitive data (health or financial records, for instance).
• Keep an eye on your financial statements and bills. If you do get word from a company that its security was breached and you have not already changed your password, take the warning to change it seriously.
• Going forward, opt not to keep your credit-card information on file. Yes, it’s tempting to check that handy “Keep on record for future purchases” box—who wants to fill out the same info over and over?—but skipping it means you can rest assured that no one will be able to obtain your information if an online merchant gets hacked.
• Keep your passwords unique. Again, it’s tempting to cut corners, but having discrete passwords acts as a safeguard: If one site has a security leak, you won’t be handing over the keys to all of your information. Another smart idea: Change your most important passwords—for your e-mail, your bank or other financial institutions, and sites like PayPal—every 6 to 12 months. To help you remember your passwords, you could use a free password management service (LastPass is one to try) or go totally old-school: Jot them down and keep your list someplace secure.
• Make your passwords as strong as possible. The longer the better: Aim for at least 10 characters. Try to mix letters (not whole words from the dictionary) and numbers, both in numeral form and spelled out.
• Enable multi-factor authentication. Some sites offer the option of taking another one or two steps beyond entering a password in order to access information, such as entering a PIN. When possible, give yourself this additional protection.