A breach of mind-boggling magnitude has been unearthed by Hold Security, a Milwaukee firm that specializes in identifying major online security breaches. Nicole Perlroth and David Gelles broke the story yesterday about Hold Security’s latest discovery (www.nytimes.com; “Russian Gang Amasses Over a Billion Internet Passwords”; August 5). Other media are now reporting on this story, citing the New York Times article.

No, you’re not misreading the headline of their story: over 1.2 billion unique combinations of user names and passwords were stolen by Russian hackers. In their story, Ms. Perlroth and Mr. Gelles report that Hold Security found that the Russian gang had also stolen over 500 million email addresses. Per their report, the New York Times hired an independent security expert to analyze the database that Hold Security had. That expert confirmed the authenticity of the database and the magnitude of the data that has been stolen.

Which companies and websites have been victimized?  Hold Security is not disclosing the names of victims because of “non disclosure agreements” and the company’s reluctance to name companies whose websites could still be vulnerable.  Ms. Perlroth and Mr. Gelles wrote that it appears that the Russian criminals haven’t been selling many of the records online yet but, instead, appear to be sending spam out on social networks for fees paid by other groups.

So what protective steps can individuals take? It’s hard to know exactly what to do when faced with a breach of this astounding magnitude. Some of the most immediate steps are sound guidance regardless of the scope of a breach. These include diligently examining financial statements for any suspicious charges or withdrawals; changing passwords as a proactive step; and not using the same password and user name for multiple sites.