News reports have started to spread widely about a reported theft of BILLIONS of login/password combinations by cybercriminals. We wanted to take a minute to help customers figure out what this means for them, and what they should do.
First, one of the best summaries around comes from Brian Krebs, who writes an excellent security blog that we follow regularly. If you want to dig in, find out what happened, and get some of the nitty-gritty details, that is a great place to do it.
For those who rely on us to interpret this type of thing and give them actionable advice, here are our thoughts:
A. There is nothing special required in order to combat this. If you are a victim, it is already done and there is nothing you can do to stop it.
B. There are some VERY common best practices when it comes to technology and your security, and this incident gives us a GREAT opportunity to provide some reminders:
1. You should already be changing your password on Internet sites regularly. That is all you need to do to erase your exposure to this particular incident. If you want to change passwords on the most critical sites NOW instead of waiting for your normal update cycle, that’s not a bad idea. The analogy we always use is that you should change your passwords as often as you change the oil in your car.
2. It is NEVER a good idea to use the same password on every Internet site. That practice was an enabling factor in this attack. Make sure passwords for different sites are unique.
As is always the case, we are happy to answer any questions you might have. Just drop us a comment below.