It seems that almost every day there is another story of a company, website, or celebrity that has been hacked. Sensitive information – everything from banking details to naked selfies – gets posted online, and the embarrassment and financial devastation grow. Despite the constant flow of information about high-profile hacks and the commonplace occurrence of identity theft, people still don’t take basic precautions to protect themselves, and websites don’t take basic precautions to protect user data.
When a hacker breaches a site like MySpace and compromises its user database, they obtain your email/username and password combinations. If you reuse that same combination on other sites, it is very easy for hackers to write a script that tries those credentials against other popular sites and identifies which ones grant access. It is no surprise that the number of Twitter accounts hacked in the past few weeks is exploding, given that many or most of those people likely also had MySpace or LinkedIn accounts and were likely using the same password on all of them.
Twitter acknowledged as much when discussing the announcement that 32 million user credentials were available on the dark web.
“The purported Twitter @names and passwords may have been amassed from combining information from other recent breaches, malware on victim machines that are stealing passwords for all sites, or a combination of both. Regardless of origin, we’re acting swiftly to protect your Twitter account.”
Many websites now inform you when a login is attempted on your account from a new location, but this is still neither common nor foolproof. Some sites still store user credentials in plain text, though encryption of user credentials is more common than not these days. The strength of that encryption varies, however.
If you are using the same password across many websites, it is just a matter of time before you will be hacked. You really should be using a better method to keep yourself secure. Password locker systems (KeePass or KeePassX, for instance) allow you to keep an unlimited number of passwords stored in a single location and allow you to simply click to copy the correct password and paste it into login forms. You don’t need to remember them all, and most of these systems have a mobile app version that keeps a synchronized copy for logging in via your devices.
Whatever system you choose, it is well past time when you should be taking your personal information security much more seriously. If you are using the same password for your Facebook account and your online banking, you are dancing in a virtual minefield and it’s just a matter of time before something blows up.
We’ve launched this blog to look at developments in the area of cybersecurity, privacy, encryption, and government surveillance, because their intersection is the epicenter of the digital world. Discussions of the balance between security and privacy will drive most tech discussions for the next ten years. Much of this starts with you being better informed and empowered to take an active role in securing your personal data.