You log into Facebook to warn everyone, and notice your last couple of posts from you… weren’t – from – you. Your Facebook account has been hacked!
Stressed, you go for some shopping therapy: Your bank card doesn’t work. Your bank account has been hacked!
You’ve been hacked!
How did this happen? What allowed hackers to gain access to your accounts?
There are a variety of vulnerabilities:
- Bad passwords
- Duplicate passwords
- Security questions
When a site gets hacked, the hackers steal the username and password credentials. They can sell them on the black market, or try those same combinations to get into other accounts. LinkedIn made the news last Spring when they admitted the login credentials of 117 million users were sold on the black market. Yahoo had data associated with more than one billion user accounts stolen.
A tech security company, ARS Technica, had a list of 16,000 passwords, and ran an experiment with a team of security specialists and good guy hackers. They uncovered 90% of the passwords in under one hour. They found that people who don’t know each other use very similar, and in some cases, identical passwords for the same sites.
After compromising one account, hackers will try the same username/password combination on other accounts. They could try variations on the password. They could go from account to account to account. For example, with your LinkedIn credentials they get control of your Shaw email account. That Shaw account is linked to your bank account. Using the password recovery process on your bank, they could get control of that account.
Consider your home: You cannot guarantee that no one will ever break in. But, you take precautions to minimize opportunities. Leave lights on when you are out. Don’t let the mail or newspapers pile up when you are away. Don’t let trees and shrubs obscure your windows. Don’t keep the key under the front mat. Like protecting your home, you want to make it difficult for hackers to gain access to your accounts. You want to minimize the opportunity. Tools like a strong kick to a door, crowbar, and lock pick are used by the house thief.
Hackers have their tools, too. One type of software program is called Brute Force and as the name implies, this is software that tries a wide range of possible combinations to break in. Other programs use Artificial Intelligence to determine passwords from your habits and social media posts. Keystroke loggers covertly track everything you type on your keyboard, including passwords, and discretely sends them to hackers.
What steps can you take to protect yourself? Read more on our blog over the next couple of months as I outline how. Or, join us for a talk in our office on Friday the 13th. Click to Register…