Directive Blogs
2 Million Passwords Stolen! Have You Been Hacked?
On December 3, 2013, security company Trustwave discovered over two million stolen user passwords for popular online services like Facebook, LinkedIn, Google, Twitter, Yahoo, and 93,000 other websites. There's a high probability that you use one of the services affected by the hack. Is your personal information compromised?
These passwords were stolen from users' computers and stored on a server in the Netherlands. The collection of these passwords was the work of a botnet called "Pony." The botnet primarily collected data through email phishing scams, and it was discovered that data in this password cache belonged to users from 102 different countries. The collection campaign appears to have been accumulating login credentials since October 21, and it's likely still active.
Trustwave immediately notified every company affected by the hack. The hacked companies reset the passwords of the affected accounts and notified the affected users of the breach. The website with the most passwords stolen was Facebook, with 318,000; however, the hacked company that poses the biggest risk to businesses is ADP, a popular payroll management app. ADP commented on the hack of 8,000 of its passwords, stating, "To our knowledge, none of ADP's clients has been adversely affected by the compromised credentials."
Have You Been Hacked?
If you haven't been notified yet of the hack, then your password hasn't been compromised. The big takeaway from this news story is the importance of password security. Poor password management can put your business at serious risk. For example, if you use the same password on all of your online accounts, and a phishing scam like this stole your password, then all of your accounts would be in jeopardy.
Here are a few tips that will help keep your accounts safe from hacking:
Use Complex Passwords: Using complex, impossible-to-guess passwords for all of your accounts is one of the most fundamental parts of protecting your sensitive information.
Update Your Software: The value of updating your software (especially your antivirus software) is that the updates include security patches that will protect you from known viruses. Running outdated software will leave your system vulnerable.
Be Mindful of Phishing Scams: Your email inbox gets hit with scams every day, and there are malicious sites on every corner of the Internet that could infect your computer with malware. You need to educate your staff on what to look for when using the web.
Cycle Out Your Passwords: You don't have to wait until you receive a notification that you've been hacked to change your password. It's best practice to cycle out your old passwords for new ones every few months.
Use Multi-Factor Authentication: Many services like Facebook and Google offer users multi-factor authentication. This adds an extra step to the login process that increases security. The most common way this works is with a two-factor authentication procedure where you first enter your password, and then you will receive a text containing a unique code that gives you access to your account.
One of the best steps you can take to protect your business from identity theft is to have a reliable network security solution. Directive's Unified Threat Management (UTM) tool is the strongest security solution we offer. UTM can provide your network with a bullet-proof firewall, along with content filtering capabilities to protect your system from malicious websites. To batten down the hatches on your network and keep your passwords safe from hackers, give us a call today at 607.433.2200.