When Your Friend’s Data Gets Hacked, YOU Are at Risk. Here’s How…
In 2012 Yahoo got hacked, and 450,000 passwords and usernames were swiped. It wasn’t Yahoo itself, but one of its affiliates.
What’s worse, this happened right on the heels of an earlier spree of humiliating database break-ins just a few weeks ago. Major online companies such as LinkedIn, eHarmony, and Last.fm (a membership music site) had their users’ information compromised, putting nearly 10 million people at risk.
Between Yahoo, LinkedIn, eHarmony, and Last.fm, there’s a good chance you, or someone close to you, was victimized in these invasions.
Better go change your passwords; and tell your friends, too.
Learn to Manage Your Privacy
The System Does Not Respect Your Needs or Wishes
The theme behind Yahoo’s break-in was similar to LinkedIn’s and many others, both private and government: this leading Internet company gladly took the personal information of millions of trusting users and then went on to ignore Internet security “best practices” protocols.
Why so sloppy? Quite simply, it’s apparent that our private lives are not respected by those who seek, profit from, and demand to retain all our information. Instead, our confidential lives are treated like bulk commodities, haphazardly piled in what amounts to a drafty cyber warehouse.
We’ve shared various tools to safeguard your privacy and create strong and secure passwords in past Executive Bulletins. Our Ultimate Guide to Low-Profile Living goes into it in much more detail, and also shows you how to get more anonymity in today’s surveillance world.
The next logical step after reinforcing your own passwords is to firmly request that everyone you know also adopt strong and secure passwords in their private and business life. Why?
If your friends, family, or associates use weak password management, it can actually put YOU at risk too.
One Single Point of Failure Can Unravel Your Life
Today we keep a lot of information electronically and accessible online. This adds convenience to our lives, but may also create one single point of failure. Crack one code, and crooks quickly hold the keys to your personal kingdom.
When analyzing compromised passwords, researchers find, time and again, that people use the same or similar passwords across multiple accounts.
This happens because we need to create, memorize, and use dozens of passwords just to get through a typical week. It’s tedious. So, many take the easy route, and re-use the same passwords.
This is horrible from a security standpoint. It’s like using the same key for each of your cars, your house, your office, and your safe!
In Yahoo’s case, they made things worse in two specific ways…
First, all the usernames and passwords were themselves NOT encrypted. Simply put, the database and all the information within it should have been independently encrypted, adding multiple layers of protection.
Imagine you own a safe, and then add more security by redacting or encoding each file inside it. Even if your safe were broken open, the files inside would still be useless to the criminals.
This is a “best practice” in the electronic database world. Apparently, Yahoo didn’t think this simple precaution was worth the trouble, and now over 450,000 usernames and passwords are completely exposed.
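To make the safe analogy concrete, here is an added example (not from the original article or from any company named in it) comparing a password table stored in the clear with one where each entry is protected individually. It uses salted, slow hashing (PBKDF2) rather than encryption, since that is the usual way to protect stored passwords; the account names, the sample password, the function names and the iteration count are all assumptions made up for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example

def protect(password: str) -> dict:
    """Build the stored record: random salt plus slow salted hash, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex()}

def verify(attempt: str, record: dict) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), salt, ITERATIONS)
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))

def readable_passwords(table: dict) -> list:
    """What someone holding a copy of the table can read off directly."""
    return [row["password"] for row in table.values() if "password" in row]

# Constructed sample accounts (not real data); two users share one password.
ACCOUNTS = {"alice@example.com": "Sunshine2012", "bob@example.com": "Sunshine2012"}

def build_tables():
    """Return the same accounts stored two ways: in the clear, and protected."""
    plaintext = {user: {"password": pw} for user, pw in ACCOUNTS.items()}
    protected = {user: protect(pw) for user, pw in ACCOUNTS.items()}
    return plaintext, protected

if __name__ == "__main__":
    plaintext, protected = build_tables()
    print("plaintext dump exposes:", readable_passwords(plaintext))
    print("protected dump exposes:", readable_passwords(protected))
    a, b = protected["alice@example.com"], protected["bob@example.com"]
    print("same password, same stored value?", a["hash"] == b["hash"])
    print("correct login still works:", verify("Sunshine2012", a))
```

Because each record gets its own random salt, the two users who share a password end up with different stored values, so a copy of the protected table does not even reveal who reused what.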
Second, Yahoo allowed members to access their accounts using the same usernames and passwords as their Hotmail or Gmail accounts (this is a disturbing trend promoted by many online companies, not just Yahoo).
Think about it for a second, and you realize this is nuts! It’s no different than using the exact same password for multiple accounts!
It’s a Small Online World after All…
If your friends are at risk, you’re probably at risk too. Here’s how.
Consider this: a business partner of yours uses web-based e-mail. Part of the service includes an address book where he keeps your home address, phone number, and maybe a few quick notes about your spouse, birthday, and children’s names.
If this web-based e-mail company is compromised, and crooks get a hold of his password and username, they’ll be able to get into his account and learn a lot about him. While inside his account, they’ll also learn a lot about you through the info stored in the address book and the e-mails you send each other.
This scenario can also be played out in social networking sites like Facebook and LinkedIn (smartphones and home computers, too).
Law enforcement does this all the time in its investigations (or warrantless dragnets). When they demand records from companies like Google, they’re not only interested in their targets, they’re also interested in the targets’ associates. Crooks have the same motivation.
How will they use your friend’s data about you?
One way that comes to mind is “social engineering” through an e-mail phishing scam. For instance, they could impersonate your friend in order to extract some important information from you, or vice versa. In any case, dirty hands get a hold of your personal, private, and confidential business.