Did you know with the spate of recent Yahoo and other major social media (LinkedIn, Twitter etc.) data breaches – there is now a real chance that your personal sensitive information including your website login details which you currently use or have used in the past to access such websites (or other sites) can now be easily found online?
Let’s just take a quick minute to give you a rundown of some of the major hacks/breaches over the last few years. You may find some of your personal sensitive information contained within this breached/hacked data. (More on how to find this out below).
Note: These breaches contain some of the following very personal and sensitive information details such as; usernames, passwords, credit card details, dates of birth, answers to security questions, physical addresses, telephone numbers, first and last names, account balances, email addresses etc.
|Company||Approx. Number Of Hacked Accounts||Approx. Year of Breach|
|MySpace (2013)||360 million||2013|
|LinkedIn (2011)||164 million||2011|
|Sony Playstation Network||77 million||2010|
What’s really worrying is that the majority of people use the same passwords for multiple sites from Amazon to Paypal etc. and the answers to the security questions when you forget your password are most likely the same as those contained in the hacked data. To make this crystal clear, should you find your personal information within the data discovered through these breaches, (read on for more on how to check this), this leaves it much easier for a hacker to access a user account of yours on websites you visit that have not been hacked. You may be thinking I have changed my password, but adding an extra number or letter at the start or end isn’t very secure and many hackers may use automated programs to quickly run through these combinations. In addition some hackers may try and reset your password using your security question answers they now may have access to. Read on for some security tips on what you can do.
Note: There are also thousands of other websites that have been hacked that are not listed here nor have been publically reported. See links at the end of this article for more information.
How To Find Out If My Personal Information Has Been Hacked
Not the many are aware but the legitimate website https://haveibeenpwned.com/ allows you to search your email addresses and usernames across over 2 billion hacked accounts to see if they are part of the data discovered in the breaches. Other online websites in the past had offered users the options to pay to see their passwords. We recommend you avoid such “pay to reveal your password” sites and instead begin the process of changing the passwords for all your online accounts and keeping them distinct from each other.
Do not trust any website that asks you for payment in return for removing your details from the database of data breaches. The removal will only occur from this copy of the database and not occur from the other copies of the database available on the dark Internet so probably best to just change your passwords and make them complex (as noted below).
Top Tips To Help Protect Your Personal Information
1. Change your online passwords regularly and make them, unique, longer and more complex
For passwords, we recommend you use uppercase, lowercase, numbers at a minimum and have minimum password of 8 characters or more for all sites and recommend using special characters if you can e.g. @ symbol could be used instead of the letter “a” in a password. We recommend do not use a word you can find in the dictionary. Many security experts recommend using a phrase e.g. NinetyNineRedBalloons3579 or even better add in numbers or special characters that would make it a lot harder to crack (99RedB@110n53579) but bit easier to remember with some of practice.
We recommend that you ensure that your passwords for each website are not the same and you change them regularly. I know it can be hard to remember different passwords for different websites but it is worth doing and there are tools that can help (see below).
Top passwords from the 2012 LinkedIn Password Breach
The most widely used passcode was 123456, across 753,305 accounts. It was followed by LinkedIn across 172,523 accounts, the next highest were password, 123456789,12345678 and 111111.
Below are some the commonly used passwords from the hijacked twitter password database
123456 / 123456789 / qwerty / password / 111111 / 9-11-1961 / 1q2w3e4r5t / gfhjkm / qwerty123 / iloveyou / 123qwe / abc123 / 1q2w3e / 987654321 / samsung
Think of all the websites that you might use (Gmail, Hotmail, Outlook.com, Yahoo, Utilities (Electricity & Gas), Meteor, Amazon, EBay, Facebook, Paypal, Twitter, Tesco, Clothes Sites, TicketMaster, TripAdvisor, Ryanair, Insurance sites, Groupon, Pigsback, LivingSocial, and so on) and ensure passwords are not the same.
2. Use a Password Manager Tool To Help You Remember Passwords
Many end users don’t realise saving passwords within your browser (e.g. Chrome and Internet Explorer or Firefox etc.) is not a safe practice as these passwords can in most cases be easily read through freely available online apps or by viruses or malware. To help you remember all your passwords you can use online password manager tools like LastPass www.lastpass.com or Dashlane www.dashlane.com to allow you to generate and save all your passwords in one location that you access with one long complex master password rather than saving them within your browsers. These services can then auto-populate your login details into the websites you visit saving your time and your memory. LastPass for instance is an online service available on all common platforms and while they have extremely good security you may prefer to store all your passwords in a secure offline database on a device you own. If so, then you can download a free program that you store on one computer e.g. http://keepass.info/ is one of many free ones available. This provides similar functionality but make sure you make a regular backup of it and your files.
3. Use Two Step/Factor Authentication Where Possible
Many popular online services such as Gmail, Microsoft etc. offering 2 step verification. This is where you type a username/email address and password to login after which a text or phone call comes to your smart phone with a pin code which you must also enter to the website to gain access. This feature is often not enabled by default so check your account settings once you are logged in and see if there is an option to turn it on.
4. Additional Tips to Protect Yourself Online
- Review your security information across all websites you have a login for and if possible change the security questions and answers across sites, especially those that you were signed up to but which you know now to have been previously hacked.
- Delete accounts on websites that you no longer use.
- Keep an eye on your debit and credit card bank statements to ensure your cards aren’t being compromised. If they are cancel them and get new ones.
- Ensure you have professional, paid, next generation Antivirus and Web Security software on your computer.
- Beware of spam emails from trusted sources.
- Keep an eye out for fake; LinkedIn email invitations, Dropbox invites, Google Drive invites, Facebook emails, Twitter emails, Revenue, Customs etc.
- Keep an eye out for links in your Facebook and Twitter feeds, comments and posts as many can contain links to hijacked or infected websites.
- Don’t click on any Ads on Facebook or elsewhere and where possible download and install a free Advert blocker to each one of your browsers (e.g. Ad Block Plus) as some Adverts you don’t even have to click on to get infected.
- Don’t click on any email links without hovering over the link first to see where it takes you before you click it.
- View all attachments with caution. Don’t open any attachments that you aren’t expecting.
- Regularly backup your files to another device or location (that remains disconnected from your computer).
5. Important Tips for Businesses
Three of the most important steps businesses can take, are to implement:
- A Cyber Security Awareness Staff Training Programme to regularly educate and train your staff on how to identify bogus emails, bogus websites requesting usernames, passwords or sensitive information, then test your staff with simulated emails etc.
- An internal Cyber Security process that helps you keep up-to-date on the latest security threats and allows you to develop and implement multiple layers of protection that strengthen the vulnerable parts of your network, desktops, laptops, servers, phones etc. against those threats. This will help to prevent viruses and hackers from stealing your critical data.
- A tried and tested backup, disaster recovery and business continuity process that will not only backup all your critical servers and data every few minutes if required but will also allow you to quickly recover your data and maintain operations should your servers fail or an attack hit your network. This will also save you having to pay cyber criminals when (not if) you get hit with a cyber attack.
6. How Tech Guard Can Help
Here at Tech Guard we have partnered with one of the world’s leading cyber security awareness companies and we bring our clients employees through online training that educates them on how to stay safe online. We then randomly send them simulated emails to try catch them out thereby keeping them on their toes and cyber security aware all the time. We also act as the cyber security specialists for our clients, strengthening their internal network security practices to help defend against the latest cyber threats.
Contact us today to see how we can help you bolster your internal cyber security practices to reduce the risk of your business being financially impacted by the latest cyber threats. Visit https://www.techguard.ie for our full list of cyber security, backup and disaster recovery and IT continuity services.
Other Useful Information Sources: