OK, now it's really time to change your password.

With news that as many as 1.2 billion user names and password combinations had been stolen, security experts are urging consumers to be more vigilant online.

STATS: Breach by the numbers

A Russian cybergang injected malicious code into at least 420,000 websites to gather the data. The attack "looks absolutely enormous," said Geoff Webb, senior director of security and strategy at NetIQ, a computer security company based in Houston. "It's yet another example showing that there's lot of work to be done in making the Web-based applications that people use secure."


Russian gang stole 1.2 billion passwords

Because people tend to use the same password on multiple sites, "when a medium-sized breach occurs, it can have major repercussions because those passwords are used on so many systems," Webb said. "And this is a huge breach."

TIPS: Best ways to change your password

Some of the e-mail and password combinations may be old and no longer in use, so it may not be necessary for users to change their passwords, said Alex Holden, founder and chief information security officer for Hold Security in Milwaukee. "The last thing we want is to panic the marketplace," he said. "That won't be productive."

Potential victims can register to see whether their e-mail addresses are among those compromised. The company says in the coming days it plans to let them know for free if their credentials have been found in possession of the gang, which Hold Security has deemed CyberVor ("vor" means "thief" in Russian).

"The takeaway from all of this: It's time to change your password again," says security expert Phil Lieberman, CEO of Lieberman Software.

Beyond that, here's some other tips for more secure online conduct:

Read or Share this story: