With the right query, a simple search engine is all that is needed to uncover usernames and passwords -- and for more than 1 billion people, that means their information may already be in the wrong hands.
Russian hackers have stolen an estimated 1.2 billion usernames and passwords, and Computer Forensic Services CEO Mark Lanterman explained that a simple query can allow search engines like Google to sniff out log-in information for common e-mails, including Gmail, Yahoo and Hotmail.
"You can find a lot of information that people don't want to share," Lanterman warned. "They don't understand Google is accessing and indexing this personal information."
According to Lanterman, it's you against Google -- and what he's found is mind blowing.
"His credit union, his MySpace password, his date of birth, his Bank of America," Lanterman listed. "CareFirst -- that's probably his health care."
The New York Times revealed Tuesday that an SQL injection allowed Russian hackers to access 1.2 billion usernames and passwords and 500 million e-mail addresses from about 420,000 websites. The score dwarfs the Target store hack of 40 million credit card numbers.
The breach was uncovered by Hold Security, a Milwaukee-based company that tracked the hackers to south central Russia, between Kazakhstan and Mongolia. So far, the culprits have yet to sell much of the information -- but that doesn't mean they don't plan to.
"They're in the business of selling this information, not using it," Lanterman said. "They're wholesalers."
Lanterman told Fox 9 News the problem is that most websites don't update their security. That means there may be little consumers can do to protect themselves beyond basic password protection habits because when it's you against Google, Google will probably win.
Here are some basic tips for password protection:
- Use letters and numbers
- Use at least 8 characters
- Change passwords monthly
- Use different passwords for different accounts
- Don't store passwords in text files, or label the file "passwords"