In view of the latest large-scale security breaches, internet security expert BullGuard has come up with some sensible advice about keeping your passwords safe. Read on for more advice :
LinkedIn, eHarmony and Last.fm targeted, phishing attempts on stolen passwords begin
Internet
security expert, BullGuard, has reacted to the theft of millions of
user passwords from the popular business-based networking site LinkedIn,
dating site eHarmony and now Last.fm, encouraging individuals to be
more vigilant with their online security.
A
year after the high-profile Sony Playstation Network security breach,
LinkedIn users were recently informed that 6.5million user account
passwords had been stolen and published on a Russian computer hacking
forum, leaving them open to phishing attacks and potential infection by
malware designed to steal personal data from a host computer. Since then
1.5million passwords were stolen from online dating site eHarmony and
music website Last.fm is the latest to announce a breach of its
security. These attacks have already yielded a number of phishing scams -
hackers are targeting those affected by the LinkedIn hacking with
fraudulent emails that appear to be official correspondence but direct
to a website selling counterfeit drugs.
The
frequency at which these attacks took place would suggest that
associated parties are involved, or at least that a common vulnerability
is being exploited in order to retrieve these large numbers of user
data. The number of affected users could also be far higher than
predicted, according to security analyst Imperva, who believes that the
numbers tallied so far do not take into account duplicate passwords,
leading to calls to revisit security measures on such websites and for
users to be more careful with their sensitive data.
LinkedIn
has already advised users to ignore any emails requesting information
and instead to log in to the site directly to change their LinkedIn
password, a message that has been echoed by eHarmony and Last.fm.
However, the recent attack and possibility that more are to follow
should prompt many to reconsider the types of sensitive data they keep
stored on their accounts. BullGuard encourages safe and proper password
use to help reduce the risk of being targeted, and suggests that users
consider the more wide-reaching impact of their account data being
stolen.
In reaction to the recent attacks:
Users
should change the username and passwords for unrelated accounts that
use the same username and/or password as the affected account. As most
people use the same few passwords/security questions for all their
accounts, stolen passwords pose a major security risk.
Change security questions and password on accounts where possible.
Avoid social media applications that ask to access your personal information to allow you to continue.
As much as possible, limit the personal information that you make public on social media websites.
Only download applications that are provided by a trusted source.
Be suspicious of any e-mails that request your personal information no matter how legitimate they may seem.
General advice on how to protect personal details on public networks:
Familiarise
yourself with the security settings and ensure that an account doesn't
reveal too much information to users that haven't been approved to view
it. Also consider whether the information you store online really needs
to be there, or whether it could be potentially used for fraudulent
activity if read by a malicious third-party.
Do not store credit
card details online. Many services have so-called "e-wallet" services
which allow users to store credit card details, in order to make future
purchases fast and easy. This conflict between security and convenience
is a huge dilemma for online services, and should be something end users
consider carefully as well.
Do not use the same passwords and
security questions for all accounts. Most people alternate between 2 or 3
passwords for everything. Consequently, if one account is hacked,
identity thieves have access to all different profiles and accounts.
Ensure that passwords and security questions used for banking and money
transfers are very different from the ones used elsewhere.
If
users mention a child's, pet's or spouse's name on social media sites
like Facebook and Twitter, do not use these for passwords.
Only
make purchases with devices that have security software (minimum
antivirus and firewall) installed such as a home or office PC.
Always ensure that security software is up to date.
General advice on safe password use:
Choose safety over convenience - Since there are so many websites around that require login and password details to access a user account it's all too common to see people adopting straightforward, easy to memorise passwords that could simply be "guessed". A survey by data security firm Imperva analysed 32 million passwords to find the top-ten most commonly used. Five of the top ten were simply sequential digit strings such as "123456", with the remaining including "password" and "abc123".
Avoid personal information, such as a mother's maiden name, favourite pet, birthplace or date of birth when choosing a password. This sort of information is frequently used to confirm authenticity with online banks and services, and could therefore be subject to keylogging and phishing scams.
Use a combination of letters and numbers in a password as well as a word that would be very difficult for a third-party to guess. With a bit of practice it becomes almost second nature to tweak common words in this way to generate a more difficult to predict phrase.
Change passwords as often as possible, particularly in the case of sites that involve frequent or large monetary transactions such as bank accounts, online payment services and commonly used e-retailers. However, it's not usually a good idea to "rotate" a handful of passwords around as hackers can quickly build a list of common words and phrases if they have gained access to a computer.
Other blogposts you may be interested in :
An all together worrying situation, which is only going to increase.Why don't these idiots put their time to good instead my making everyone's lives a misery? Off to change my 50+ passwords now see you in a week!
ReplyDelete