273 million passwords stolenHave you changed your email account password recently? No matter whether your last password change-up happened yesterday or six months ago, it’s time to change them all as soon as possible. Just in time for World Password Day, a trove of 273 million passwords and usernames for email accounts stolen by a Russian hacker called “The Collector” was reported by Reuters. This collection of stolen credentials was discovered when researchers from security company Hold Security came across posts from The Collector bragging about it on various underground cybercrime forums. Although the vast majority of the 273 million passwords were accounts from popular Russian email service Mail.ru, many Yahoo, Gmail and Microsoft Hotmail accounts were also part of this gigantic database. Keep reading to find out what you need to know about this data breach and how it could affect you.

Should I be concerned about my email password?

Initially, Hold Security researchers say the Russian hacker was advertising that he had a collection of 1.17 billion records he was ready to give away. He demanded a mere 50 roubles (less than $1) in exchange for the information, but ended up giving the entire cache over to researchers after they promised to post positive comments about him on underground forums. After eliminating duplicate accounts from the 1.17 billion records, it was determined that 273 million unique email accounts were represented. This included 57 million Mail.ru accounts, 40 million Yahoo accounts, 33 million Microsoft Hotmail accounts, 24 million Gmail accounts as well as several hundred thousand German and Chinese email accounts. If you have an email account with one or more of those email providers, it’s certainly worth your concern.

How could this information be used by cybercriminals?

Databases like this one are valuable for those wishing to commit further hacks, scams or phishing attacks. If a criminal gains access to the email address you use with various online accounts, they can use it to reset your passwords for those accounts, opening your entire online presence to compromise. Access to your email account also means access to your contacts list, which can be used to perpetrate phishing attacks. Additionally, criminals are well aware that most people reuse passwords. Even if the password is outdated for the account it’s paired with, they can try using it on other accounts a person owns to try and gain access. Recent research from Cloud Security Alliance indicates that 22% of data breaches reported by 325 companies they surveyed were perpetrated using stolen account credentials — credentials just like these 273 million email passwords, an indication of why a database like this is of high value to cybercriminals.

What can I do to protect myself?

Although you should be changing your passwords every six months or less anyway, you should change your email account passwords immediately. For guidance on creating a strong, unique password, check out this blog post. Make sure every password you use for each different account you have is unique. If you have a habit of reusing passwords due to an inability to remember them all, you can take advantage of a password manager like LastPass to safeguard your passwords under a secure, encrypted master password.

That said, a strong password is, unfortunately, no longer enough — enable two-step verification for any account you have which offers it to bump up your account’s protection level. Even if a hacker gains your password, with two-step verification, unless he or she can access your text messages, your account can’t be broken into. Forbes provided information on how to activate two-step verification on Yahoo, Gmail and Hotmail email accounts in this article. Some email providers are upping their game by introducing password-free security features, which might help curb the impact by data breaches of login credentials like this one.

Learn more about protecting your personal security online and off by following our identity theft protection blog. Want to beef up the security on your smartphone, computer and other devices? Read our Internet security software reviews to find out which is the best choice for you.