Cybersecurity professionals warn that anyone with a personal email account might want to change their passwords following revelations of a massive cache of stolen user names and passwords being offered for sale on the Internet.
The thefts involved some of the biggest email providers in the world such as Google, Yahoo, Hotmail and Microsoft. The bulk of the stolen accounts—some 272.3 million—include Russia’s Mail.ru users, according to Alex Holden, founder and chief information security officer of Hold Security, who discovered the theft.
"We know he's a young man in central Russia who collected this information from multiple sources," Holden told NBC News. "We don't know the way he did it or the reason why he did it."
The user names and passwords were being offered for sale on the so-called “dark web” where hackers hawk their goods.
“The data collection of consumers, the data collection of federal government employees, it's very obvious that it's targeted, that it's orchestrated, and that there is multiple groups in play here,” said Theresa Payton, CEO of Fortalice Solutions, a cybersecurity company, and a former White House Chief Information Officer.
Hackers use stolen email information to lure users into giving away more information including birthdates, credit card numbers and bank account access.
In 2014, cyber criminals stole $16 billion from nearly 13 million consumers.
All the more reason, say experts, to change passwords regularly—even monthly.
"And more importantly, you should also be thinking about one site, one password," said Lucy Millington, head of corporate security for Sophos Cyber Security. "So don't reuse a password, don't use the same password for the bank, as you do for retail shopping, as you do your email."
So what’s a good password?
Well, for starters, don’t include the names of your children, pets or home addresses—all information that could easily be found online.
Instead, use abstract combinations of letters, numbers and characters that a criminal’s computer program couldn’t easily guess.
Mixing languages is another way to throw off hacking programs. Running together the lyrics of a song could also help strengthen passwords.
Experts advise paying for credit monitoring to watch for suspicious activity.
And be very suspicious of all incoming emails that could be phishing for more sensitive information.
"A breach is inevitable," Payton said. "That information that you've entrusted someone else with is eventually going to be hacked."
Experts say a moment of distraction and a click on a bad link can invite cyber-crooks a world away.