OK, now it's really time to change your password.
With news that as many as 1.2 billion user names and password combinations had been stolen, security experts are urging consumers to be more vigilant online.
A Russian cybergang injected malicious code into at least 420,000 websites to gather the data. The attack "looks absolutely enormous," said Geoff Webb, senior director of security and strategy at NetIQ, a computer security company based in Houston. "It's yet another example showing that there's a lot of work to be done in making the Web-based applications that people use secure."
Because people tend to use the same password on multiple sites, "when a medium-sized breach occurs, it can have major repercussions because those passwords are used on so many systems," Webb said. "And this is a huge breach."
Some of the e-mail and password combinations may be old and no longer in use, so it may not be necessary for users to change their passwords, said Alex Holden, founder and chief information security officer for Hold Security in Milwaukee. "The last thing we want is to panic the marketplace," he said. "That won't be productive."
Potential victims can register at HoldSecurity.com to see whether their e-mail addresses are among those compromised. The company says in the coming days it plans to let them know for free if their credentials have been found in possession of the gang, which Hold Security has deemed CyberVor ("vor" means "thief" in Russian).
"The takeaway from all of this: It's time to change your password again," says security expert Phil Lieberman, CEO of Lieberman Software.
Beyond that, here are some other tips for more secure online conduct:
PASSWORD SAFETY TIPS
1. Mix it up: Make passwords 10 characters or longer and use a mix of lowercase, uppercase, symbols and numbers. Change your important passwords every 3 months.
2. Be creative: Use unique passwords for each account and vary the e-mail addresses you use.
3. Split social media and money: Don't use the same username or password for credit cards and bank accounts that you use for social media or websites.
4. Keep passwords safe: Don't store your account information in an unsecured document on your computer or network. Be sure not to share passwords with anyone, even family or friends.
5. Stay informed: Keep up with the details of the breach as they are released.