If all the previous reports about Internet security breaches and stolen passwords weren't enough to scare you into changing your info, this one might: The New York Times reports that a small group of Russian hackers has collected 1.2 billion username and password combos, along with about half as many email addresses. The report, based on findings from a Milwaukee company called Hold Security, doesn't offer specifics about which sites have been compromised but says they range from tiny ones to those of Fortune 500 companies. As of now, there's no way to tell whether the hackers have gotten your information, though Hold says it's working on a tool for that.
The hackers apparently haven't sold the stolen info and are instead using it to send out spam on Twitter and other social networks for other groups and to collect fees for their trouble. But they would presumably make big bucks if they eventually opt to sell, given the habit of many people to use the same passwords at multiple sites and thus the ability to transform all this information into lucrative identity theft. "Hackers are continuing to outpace the digital security precautions of so many companies and organizations that it's starting to feel like a losing battle," writes Kate Knibbs at Gizmodo. For now, "there aren't many practical steps people can take besides changing their information regularly." (More Hold Security stories.)