Russian hackers might have your info — now what?

You may have heard about it in the news: reports that Russian hackers have stolen more than a billion unique username and password combinations, and more than 500 million email addresses, grabbed from thousands of websites. What should you do about it? We asked our resident expert, Maneesha Mithal, director of our Division of Privacy and Identity Protection.

Q. How do you know if your information was part of this hack?

A. You really don’t, so don’t take any chances. Change the passwords you use for sensitive sites like your bank and email account — really any site that has important financial or health information. Make sure each password is different so someone who knows one of your passwords won’t suddenly have access to all your important accounts. We have some tips for creating strong passwords — strong, as in hard to guess.

Some online services also offer “two-factor authentication.” To get into your account, you need a password plus something else, like a code sent to your smartphone, to prove it’s you. We recommend that people use this service when it’s available. 

If you think your email account might already have been affected by a hack, here’s what you can do.

Q. Is creating new passwords enough?

A. Once you have strong passwords, you need to keep them safe. Think twice when you’re asked to enter usernames and passwords, and never provide them in response to an email. For example, if you get an email or text that seems to be from your bank, visit the bank website directly rather than clicking on any links — which could contain malware — or calling any numbers in the message. Scammers impersonate well-known businesses or the government to trick you into handing over your information.

Q. Is there anything else you can do?

A. It’s unlikely this will be the last time you’re affected by a hack or data breach. One way to increase the chance you’ll catch someone trying to misuse your information is to review your credit card and bank account statements regularly. If you see charges that you don’t recognize, contact your bank or credit card provider right away and speak to the fraud department.                                                         

You also can check your credit reports for free every few months at AnnualCreditReport.com or call 1-877-322-8228. Your credit report includes information about your credit card accounts and other bills you pay, so it’s a good way to find out if someone has opened credit in your name. You’re entitled to a free report every 12 months from each of the three credit bureaus — Equifax, Experian and TransUnion. If it turns out you are a victim of identity theft, you can find the steps you should take to deal with it at ftc.gov/idtheft.

Last but not least, send this post to your family and friends to make sure they know what to do, too.

Q. How can someone make sure this doesn’t happen to them again?

A. Unfortunately, you can’t. But by taking these steps, you can lessen the odds scammers will get a hold of your information, and also minimize the consequences if they do.

 

Leave a Comment

Comment Policy

This is a moderated blog; we review all comments before they are posted.  We expect participants to treat each other and the bloggers with respect.  We will not post comments that do not comply with our comment policy.  If a submitted comment includes a link to a commercial website, we will delete the link and post the comment. We won't edit comments except to remove links.

We won’t post:

  • spam or off-topic comments
  • comments that contain vulgar language, personal attacks, or offensive terms that target specific groups
  • sales pitches or promotions
  • comments that contain clearly misleading or false information
  • comments that contain personal information, like home addresses

Comments submitted to this blog become part of the public domain. To protect your privacy and the privacy of others, please do not include personal information. Also, do not use this blog to report fraud; instead, file a complaint.

If you have questions about the commenting policy, please contact us.

Read Our Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a
user name, or we will not post your comment. The Federal Trade Commission Act
authorizes this information collection for purposes of managing online
comments. Comments and user names are part of the Federal Trade Commission’s
(FTC) public records system, and user names also are part of the FTC’s computer
user records system. We may routinely use these records as described in the
FTC’s Privacy Act system notices. For more information on how the FTC handles
information that we collect, please read our privacy policy.