No one is yet saying which firms, banks or associations were targeted, but federal agents have confirmed that as many as 1.2 billion (and yes, that's billion) user names and passwords and more than 500,000 passwords have been compromised. It's the largest known collection of such stolen data, and law enforcement is pointing to a Russian crime ring as the perpetrators.
Hold Security, out of Milwaukee, Wisc., was first to detect the breach, telling authorities that credentials were stolen from nearly 420,000 websites.
"Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites," Alex Holden of Hold Security told The New York Times
. "And most of these sites are still vulnerable."
Meanwhile, cyber security experts were all over the nation's airwaves Wednesday morning, cautioning users to strengthen and secure their passwords with the following tips:
-Make the password long. Eight characters are recommended, but 14 is better and 25 is better still.
-Always use the combination of letters and numbers, upper and lower cases.
-Avoid words that are in dictionaries.
-Never reuse passwords on duplicate accounts.
-Gmail offers you the option to use two passwords. Do it.