Today in the news:
Russian hackers steal more than 1 billion passwords.
That is a lot of passwords; from this 500 million appear from e-mail accounts. At the moment of writing we do not know which companies where affected but from reports it is clear that Large and Small websites have been infected. We have no way to verify if your site is infected at the moment nor do we have any more information as currently is provided by the media. But one thing is clear; users should change their Passwords. This is an official recommendation of several national cyber security centers around the world.
Do you need to change your password ?
If you follow good security practices you should always;
- change your password regularly, so now would be a good time.
- have non-dictionary words as a password
- include special characters in your password
- not use the same password for multiple accounts on different sites, if one gets hacked the others at least have a different password.
And where possible use a 2factor authentication system to render the passwords useless without the 2factor code from i.e. your phone. (note that for security reasons its still a very good practice to change your passwords, even when using 2factor authentication).
We will update this article if more information becomes available to us.