Online Security Breach: Leaked Passwords and Compromised Information
If you follow the news or use the Internet, you have likely heard a lot about recent security breaches of usernames and passwords surrounding popular email and social media accounts. Even some high profile celebrities have been included in these recent breaches with leaks of photos, email and personal contact information. We posted a couple weeks back about a security firm uncovering a massive security breach where a group of Russian hackers had stolen more than a billion username and password combinations. Those stolen username/passwords included over 500 million email addresses and today we discovered a clients Gmail account was one of those 500 million. We received a suspicious email today from one of our customers which included a Google Drive Sharefile attachment. It is very important to always ensure you know what attachments you are opening via email as some viruses can completely wipe clean your system, so as a safety measure we responded to the email. Not 5 minutes later we got a response back, not from the client, but a HACKER telling us to go ahead and open the file!
Here is what the email looked like (customers information has been blacked out for obvious reason)
Now what does this mean for YOU? A few things actually… Most importantly its an important reminder to UPDATE YOUR PASSWORDS if you haven’t in the last 90 days! Also you should be sure you are choosing passwords that are strong and hard to guess.
How strong are your online passwords?
- Passwords should be at least 8 characters in length, the more the better though.
- You should also be using a combination of letters, upper and lowercase, numbers and symbols. For example “PaSSworD!12” is much stronger than “password12”.
- Avoid easy to guess words like your name, company name, kids/relatives/pet names, or other easily looked up information like your birthday or postal code. Obviously avoiding the ever obvious “password” shouldn’t need to be said, even though it was the top password used online in 2011. Check out the top 25 worst passwords of 2011 for more.
- Avoid words that are in the dictionary. Sounds difficult, but there are programs out there that can crack passwords by going through a database of known words. You can easily breakup words by adding numbers and symbols to them to strengthen them as a password, or even come up with a sentence and use just the first letter of each word — for example “tqbfjotld” for “the quick brown fox jumps over the lazy dog.”
- Substitute characters such as using the number zero instead of the letter O, or replace the S with a dollar sign.
- Don’t reuse passwords on other accounts, with a couple exceptions. With almost every site where content is accessed it’s become necessary to create accounts to sign in, many are just for one-time use. It’s fine to use simple passwords and repeat them in this situation, as long as the password isn’t accessing features with credit cards, shop carts or posting on message boards. The other exception is log in using a single sign-on service such as Facebook Connect. Some sites now give you the option of using your Facebook username and password instead of creating a new one. This is safe as it doesn’t technically reuse your password or store your information. Facebook simple tells the site that it is in fact you.
- Use 2 step verification systems or mobile verification when available. Google accounts for example provide a 2-step verification that provides an extra layer of security to your account which drastically reduces the chances of someone gaining access to your personal information. To break into your account a hacker would need your username, password AND your phone, which is hopefully very unlikely.
I think I might have been hacked! What now?
First of all, if you didn’t immediately do so when we said to change your passwords above, GO NOW! We know it can be a really big pain changing and even remembering all of the accounts and passwords you have out there, but start with the most important ones first like social media sites (Facebook, Twitter, Instagram, etc.), emails (Gmail, Yahoo, etc.), and popular shopping sites (eBay, Amazon, etc.) you use often. Make it a priority to change all online passwords for other sites as you use them. Also, it should become common practice to change these passwords frequently. Many of the passwords stolen in the big breach were over 3 years old. Online users who regularly update their passwords are far less likely to experience any security issues. It is also important to have a proper Anti-Virus program on your computer to ensure any viruses, like the ones sent out unknowingly from our clients email account above, can’t cause damage to your system. Not all Anti-Virus programs are created equal and unfortunately the adage “You get what you pay for” comes into play here. There are LOTS of free Anti-Virus programs out there, some are okay, others just give a false sense of security to users until its too late. Your Anti-Virus program should be automatically updated daily, running seamlessly in the background and should protect your web browsing, identity and incoming emails. Most free programs do not update fast enough and just don’t have access to the same virus definitions. If you are experiencing serious issues with your computer that you believe may have been a result of opening a virus, turn off your system and call us!
How can Wilkins IT help me with online security?
In the case of a hack or virus, we can work to restore your computer and close up any present security holes or issues. We also offer extremely affordable Anti-Virus programs that keep you protected in all aspects online. Contact us today to discuss more about the recent security issues and how we can help keep your identity and systems safe.