A Russian gang has compromised and stolen over a billion credentials from 420,000 web sites, according to a new report by The New York Times and security research firm, Hold Security.
Hold Security reported on a similar hack back in February that may or may not be related to this one, but as of now, the firm isn’t mentioning the names of any of the sites hacked because many of them are still vulnerable. That said, right now it seems like the bulk of those usernames, emails, and passwords are being used to post spam on social networks, and haven’t been sold to identity thieves or anyone else. Because of that, we’re not suggesting you run out and change all of your passwords just yet.
With that in mind, it’s a good time to double-check your password security and make sure everything’s in order. Here’s a quick primer for getting started with our favorite password manager, LastPass:
- If you’re brand new to LastPass, head over to our beginner’s guide to LastPass to get up and running.
- If you’re already using LastPass, our intermediate guide will help you go beyond the basics.
- Of particular interest right now, you can use LastPass to audit and update your passwords. Their audit tool can reveal your least secure passwords, which passwords you’re repeating on various sites, and more.