You may have heard about it in the news: reports that Russian hackers have stolen more than a billion unique username and password combinations, and more than 500 million email addresses, grabbed from thousands of websites. What should you do about it? We asked our resident expert, Maneesha Mithal, director of our Division of Privacy and Identity Protection.
Q. How do you know if your information was part of this hack?
A. You really don’t, so don’t take any chances. Change the passwords you use for sensitive sites like your bank and email account — really any site that has important financial or health information. Make sure each password is different so someone who knows one of your passwords won’t suddenly have access to all your important accounts. We have some tips for creating strong passwords — strong, as in hard to guess.
Some online services also offer “two-factor authentication.” To get into your account, you need a password plus something else, like a code sent to your smartphone, to prove it’s you. We recommend that people use this service when it’s available.
If you think your email account might already have been affected by a hack, here’s what you can do.
Q. Is creating new passwords enough?
A. Once you have strong passwords, you need to keep them safe. Think twice when you’re asked to enter usernames and passwords, and never provide them in response to an email. For example, if you get an email or text that seems to be from your bank, visit the bank website directly rather than clicking on any links — which could contain malware — or calling any numbers in the message. Scammers impersonate well-known businesses or the government to trick you into handing over your information.
Q. Is there anything else you can do?
A. It’s unlikely this will be the last time you’re affected by a hack or data breach. One way to increase the chance you’ll catch someone trying to misuse your information is to review your credit card and bank account statements regularly. If you see charges that you don’t recognize, contact your bank or credit card provider right away and speak to the fraud department.
You also can check your credit reports for free every few months at AnnualCreditReport.com or call 1-877-322-8228. Your credit report includes information about your credit card accounts and other bills you pay, so it’s a good way to find out if someone has opened credit in your name. You’re entitled to a free report every 12 months from each of the three credit bureaus — Equifax, Experian and TransUnion. If it turns out you are a victim of identity theft, you can find the steps you should take to deal with it at ftc.gov/idtheft.
Last but not least, send this post to your family and friends to make sure they know what to do, too.
Q. How can someone make sure this doesn’t happen to them again?
A. Unfortunately, you can’t. But by taking these steps, you can lessen the odds scammers will get a hold of your information, and also minimize the consequences if they do.