Russian hackers might have your info — now what?

You may have heard about it in the news: reports that Russian hackers have stolen more than a billion unique username and password combinations, and more than 500 million email addresses, grabbed from thousands of websites. What should you do about it? We asked our resident expert, Maneesha Mithal, director of our Division of Privacy and Identity Protection.

Q. How do you know if your information was part of this hack?

A. You really don’t, so don’t take any chances. Change the passwords you use for sensitive sites like your bank and email account — really any site that has important financial or health information. Make sure each password is different so someone who knows one of your passwords won’t suddenly have access to all your important accounts. We have some tips for creating strong passwords — strong, as in hard to guess.

Some online services also offer “two-factor authentication.” To get into your account, you need a password plus something else, like a code sent to your smartphone, to prove it’s you. We recommend that people use this service when it’s available. 

If you think your email account might already have been affected by a hack, here’s what you can do.

Q. Is creating new passwords enough?

A. Once you have strong passwords, you need to keep them safe. Think twice when you’re asked to enter usernames and passwords, and never provide them in response to an email. For example, if you get an email or text that seems to be from your bank, visit the bank website directly rather than clicking on any links — which could contain malware — or calling any numbers in the message. Scammers impersonate well-known businesses or the government to trick you into handing over your information.

Q. Is there anything else you can do?

A. It’s unlikely this will be the last time you’re affected by a hack or data breach. One way to increase the chance you’ll catch someone trying to misuse your information is to review your credit card and bank account statements regularly. If you see charges that you don’t recognize, contact your bank or credit card provider right away and speak to the fraud department.                                                         

You also can check your credit reports for free every few months at AnnualCreditReport.com or call 1-877-322-8228. Your credit report includes information about your credit card accounts and other bills you pay, so it’s a good way to find out if someone has opened credit in your name. You’re entitled to a free report every 12 months from each of the three credit bureaus — Equifax, Experian and TransUnion. If it turns out you are a victim of identity theft, you can find the steps you should take to deal with it at ftc.gov/idtheft.

Last but not least, send this post to your family and friends to make sure they know what to do, too.

Q. How can someone make sure this doesn’t happen to them again?

A. Unfortunately, you can’t. But by taking these steps, you can lessen the odds scammers will get a hold of your information, and also minimize the consequences if they do.

Blog Topics: 
Privacy & Identity

Comments

Do you offer provocative service to eliminate this threat?

Thanks for the info. I have done all but my medical. What day did the hacking occur. I changed some passwords recently and would like to determine if I did it before or after the problem occurred.

It is incredible how people are in the world today. I don't make much, but that does not give me the right to take what is not mine.

The best thing we can do is, as is always recommended, change our passwords periodically. Somehow, find a way to create it so it's not identifiable to you but still one you can remember.

21srt century innovation or cold war-II?

I am a big fan of the emails I get from the FTC. I found this particular article a must to share. Hope it helps some one. Even if you just use the link on how to make better passwords.
Enjoy

could not get free credit report. Why?
Thankyou. it is a good idea if it works.

Hackers will destroy the internet and young people will have to talk to each other face-to-face or on the telephone...unthinkable.

Can you make the change w/o a hassle?

Thanks for information Travis

I expect this kind of thing will just go on and on and on and they will tweak it constantly in order to avoid detection.

What can be done to prevent this in the future?

This should be stopped immediately or it will encourage other countries from following suit

When will congress wake up and require banking institutions to institute two-step authorizations? They know how to do it but they don't because it will cost them money and they don't have to do it. Everyone should call their banks and demand this.

excellent advice and information-Thanks

If we are to share these posts, you might want to add share buttons for LinkedIn, Twitter, facebook, etc.

great info that we all need to know.

Militaryfares needs to be investigated. They claim to only give tickets to military members and ask for personal info. Come to find out they are out of Germany. I was hacked the same day after buying a ticket online through them. Our government should investigate! The bottom of their site is links to ALL our military branches.

You can file a consumer complaint with the Federal Trade Commission (FTC) at www.ftc.gov/complaint. If a trend is detected the company could be investigated.

When we couple this together with the NSA and IRS having all of our information and losing hard drives and data, it leaves us all very vulnerable.

Why am I a Magnet for scanners? Seems know matter what site I pick them up?

Maybe what you need is a Network Shield to protect your IP Address. Changing passwords may not protect you from a hacker.

I would like to delete my records because some are using with out a permission to me

If you are worried about identity theft here are some steps you can take to protect yourself. Find more information about identity theft at ftc.gov/idtheft.

Leave a Comment

Comment Policy

Read Our Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.