A Ministry of Commerce spokesperson did not mention any U.S. actions specifically, but it's been a tense couple of weeks for the trade negotiations.World Politicsread more
U.S. stock index futures were lower Thursday morning, as market participants continue to monitor an intensifying trade war between the world's two largest economies.US Marketsread more
British Prime Minister Theresa May could announce her resignation in the next few days, according to U.K. media reports, as she faces increasing pressure from members of her...Europe Politicsread more
A federal judge in New York City on Wednesday said Deutsche Bank and Capital One can turn over financial documents related to President Donald Trump and his businesses in...Politicsread more
Richard Yu, CEO of Huawei's consumer business, said Huawei's own operating system for smartphones and laptops could be ready for use in China by fall this year.Technologyread more
Shares of Chinese telecommunications heavyweight Huawei's suppliers took a hit on Thursday amid the ongoing fallout surrounding the Chinese telecommunications giant.Asia Marketsread more
Lawmakers, lobbyists and CEOs in the U.S. are looking to trying to pick out the best parts of the EU's privacy law called GDPR – and ditch what they see as the worst.Technologyread more
Indian Prime Minister Modi is on course to return to power for a second term after his party reportedly won big at the parliamentary elections.Electionsread more
The embattled German lender saw its share price hit a record low Monday, down nearly 5% since the start of the year.Banksread more
The interaction, witnessed by a senior administration official, followed President Donald Trump's abrupt exit out of a meeting with Democratic congressional leaders.Politicsread more
Among the many ways Trump has shattered White House norms, his impulsive public communications rank among the most consequential. By inspiring investors or spooking them, his...Politicsread more
It's time to change your passwords, again. All of them.
A Russian crime ring has stolen a staggering amount of confidential information: 1.2 billion username and password combos and more than 500 million email addresses from some 420,000 websites, according to a report in The New York Times. Hold Security in Milwaukee first discovered the breach, warning site visitors in a post Tuesday titled, "You have been hacked!"
"The magnitude of this is almost unimaginable," said Adam Levin, chief executive of Identity Theft 911. Given a global population of a little more than 7 billion, he said, "you've got a pretty good shot that you're on the list."
Hold Security has yet to name companies affected, and did not immediately respond to requests for comment. But security experts say the breach could have a domino impact. "The truth of the matter is, consumers still practice incredibly poor password policies," said Adam Tyler, chief innovation officer for fraud detection firm CSID.
Even if say, your bank or favorite retailer weren't among those hacked, people tend to recycle passwords among frequently visited sites—putting even more of their accounts and sensitive information at risk. Scammers are likely to take advantage of the news, too, by sending out phishing emails that masquerade as breach alerts from a bank or retailer, with the net effect of stealing more login combos.
Given the scope, it's smart to take steps to limit the potential impact of the breach. "There are certainly some sites I'm going to go to today and change my password," said Geoff Webb, senior director of solution strategy for security management firm NetIQ. At least, accounts containing sensitive financial or medical information. "The worst that will happen is that you've changed your password," he said. "That's not a bad thing."
With big data breaches becoming more common, experts say it's time to take more steps to protect yourself:
Pick a better password: "Passwords have to be easy to remember but hard to guess," said Parry Aftab, an attorney specializing in Internet privacy. Her trick: Pick a sentence (not a common phrase or saying) that can be boiled down to a string of letters, numbers and symbols. For example, "On Jason's fourth birthday, he ate cake!," which might boil down to "OJ4thbh8c!"
Even then, it's not smart to use the same password for your bank login as you do for a retailer's site or social networking account. Pick a different phrase, she said, or at least consider sneaking in a site-specific abbreviation somewhere (FB for Facebook, say, to make it "OJ4thFBbh8c!") to make it unique to the site, without overburdening your memory.
Try a password manager: Services such as LastPass, Dashlane and KeePass create and manage complex passwords for you. "They make it a million times easier to create complicated passwords," Tyler said. The catch: you'll need a very secure password or authentication as a master password for that account. Basic versions are free, while premium versions covering more accounts and devices can run up to $20 per year.
Beef up authentication: Some sites, including Gmail and Twitter, offer two-step verification—which requires users logging in from a new device to enter a code sent to the mobile phone linked to the account. When that technology is available, enable it, said Webb. "If you have that kind of step, it doesn't matter if someone steals your username and password," he said. "They still can't get in, unless they stole your phone, too."
Limit your financial risk: Don't use a debit card to make purchases online—credit cards offer more comprehensive protection against fraud. It's also smart to limit your online buying to just one card, said Sergey Lozhkin, senior security researcher at Kaspersky Lab. That makes it easier to monitor for potential problems, and cut off criminals' access if the number is compromised. Some issuers, including Bank of America, still offer temporary card numbers to keep your information safe.
Secure your devices: Password-protect your phone and computer to thwart prying eyes, Aftab said. If you're not the only one using a device, don't set sites to automatically log in or save passwords. Password-protect any files containing sensitive information.
Use social identity: Given the option to create an account or log in through a social networking site such as Facebook or LinkedIn—an option more retailers and other companies offer—consider the latter, said Webb. Doing so gives you fewer passwords to remember, and narrows breach worries to just a few sites. Of course, go this route and you'll want to be sure that social networking password is very secure, he said.
Scan for problems: Corporate data breaches aren't consumers' biggest concern. "Malware steals much more data than that each year," said Tyler. If there's malware on your personal or work devices, other password protections won't help at all. "It will just grab the updated passwords," he said. Install software to scan for viruses, spyware and other potential problems, and then use it regularly. This step is particularly important if you have kids—who tend to be less discerning about browsing and downloading, increasing the risk of contracting malware, said Aftab.
Stay vigilant: "You have to be on high alert now," said Levin. Take any email alerts about the breach from companies you do business with, with a grain of salt. "No institution will ever ask you to provide information via email," he said. Don't click on any links in the email, or call any numbers listed there. If the threat is legit, you'll be able to take any necessary steps by logging into your account in a new browser window, or calling the company on its main listed customer service number.
Consumers should also keep an eye on their accounts in coming months to ensure their financial information hasn't been compromised.
—By CNBC's Kelli B. Grant