Do I need to worry about this epic theft of 1.2 billion user names and passwords?

An article in yesterday’s NY Times alerted us to a Russian crime ring that has amassed 1.2 billion user name and password combinations and 500 million email addresses.

The article did not identify which websites these user names and passwords were for. It only stated that there well known websites as well as small websites.

There is no indication that any of these user name and password combinations were for businesses like yours. It is more likely that these user names and passwords were for online banking, email, or shopping services.

I strongly recommend that your employees be advised that they should change the passwords that they use for any online banking, email, or shopping services. While these user names and passwords would not allow criminals to access your firms networks, they could allow the criminals to conduct sophisticated and deceptive phishing campaigns which could lead to the spread of malware.