According to a recent article in the New York Times, a Russian crime ring has stolen 1.2 billion user names and passwords and amassed more than 500 million email addresses.
What’s different about this type of hack is that it did not just target larger corporations; data was also taken from small websites. The security breach was found by the Hold Company out of Milwaukee, which also discovered the theft of millions of records from Adobe Systems. Other experts have examined Hold’s data and have found it to be credible.
The issue of online security continues to be a hard-fought battle. Last October, an identity theft service in Vietnam was found to have taken about 200 million Social Security numbers, credit card data and bank account information from a company called Court Ventures. This company is now owned by Experian.
Individuals and companies still rely on basic user names and passwords to access databases, websites, etc. We access so many online portals these days that the thought that these simple tools are actually protective measures has escaped us all.
How Did They Do It?
The Russian hackers use botnets, networks of zombie computers that have been infected with a computer virus. When an unsuspecting infected user visits a website, the criminals command the botnet to test the vulnerability of the site to a known hacking technique called SQL injection.
If the injection causes the database to return its contents, then the criminals flag the site and return later to extract its contents.
Does This Affect Me?
You may think that this sort of hack would not affect you; you’re too small or insignificant to warrant any attention by these hackers! But if you think you're safe, you could soon discover the potential problems this could cause little old you.
First, the hackers want user names and passwords. They know that the vast majority of people use the same user name and password for banking institutions and other financial venues. (C’mon, you know you do!) They test the credentials against vulnerable websites they have found, and once inside these accounts, they collect Social Security numbers and other personal data, especially email addresses. The hackers typically aren't trying to siphon off money from your accounts, but look to the black market to sell large lists of authenticated user information to other criminal factions.
In early 2013, the Hold Company uncovered a database, collected from several different companies, of 360 million records for sale.
Since this recent hack also attacked small and seemingly insignificant websites, your personal information could be at risk.
What Can I Do to Protect My Data?
First you have to assume your data is at risk at all times. Turning a blind eye or treating the issue with a skeptical eye could land you in a world of hurt.
Your best defense is to create user names and passwords that are unique to each online site. At a minimum, change the passwords. The passwords must be of sufficient length and a mix of numbers, letters and symbols. Using a password like “packers88” is not going to cut it.
One technique, if you plan on creating your own passwords, is to use a sentence turned into an abbreviation. For example, the sentence:
- When I was five, the dog bit my leg twice – becomes – Wiw5-Tdbmlt
- Long time ago in a galaxy not far away at all – becomes – Ltime@go-inag~faaa!
You still need to document these passwords, and not on your computer, so you can remember them later.
One of the best approaches is to use a Security Password Manager program like Dashlane or Password Safe. These programs make it very easy to create long complicated passwords that you do not need to remember, and can log you in automatically to all the websites you visit. All of your user names and passwords are stored in their system and controlled by one master password.
You should use long complicated passwords for your more sensitive website logins, such as financial institutions, and use each one on only one site.
If any website offers a two-step authentication process, then activate it and use it. This allows an additional layer of protection.
The bad news is that you really have no idea if your records are out there, and realistically have no way of knowing if they are being used until it's too late. Monitoring your financial records closely will help, but taking stringent measures now concerning your passwords can go a long way in protecting your personal data from would-be hackers.
Bill is the CEO and Founder of InTouch Marketing. Bill drives the vision and direction of InTouch except when England's playing in a soccer tournament, because everything stops!