On December 3, 2013, security company Trustwave discovered that over two million user passwords for popular online services like Facebook, LinkedIn, Google, Twitter, Yahoo, and 93,000 other websites had been stolen. Chances are high that you use one of the services that had been hacked. Is your personal information at risk?
All of the passwords were stolen from users’ computers and stored on a server in the Netherlands. The misappropriation of these passwords was the work of a botnet called “Pony.” The botnet primarily collected the information through email phishing scams, and it was discovered that data in this password cache belonged to users from all over the world, well over 100 countries. The data collection campaign appears to have been amassing login credentials since October 21, and it’s our on the net collecting data.
Trustwave immediately informed every company affected by the data breach. The hacked companies reset the passwords of all the affected accounts and notified the affected users of the breach as soon as they were made aware. The website with the most passwords stolen was Facebook with 318,000, however the hacked company that possesses the biggest risk to businesses is ADP, which is a popular payroll management company. ADP commented about the hack of 8,000 of its passwords and stated that, “To our knowledge, none of ADP’s clients has been adversely affected by the compromised credentials.”
Have You Been Hacked?
If you haven’t been notified yet of the hack, then your password most likely hasn’t been compromised. The big takeaway from this news story is realizing how important password security is. Poor password management can put your business in serious jeopardy. For example, if you use the same or similar passwords on all of your online accounts, and a phishing scam like this stole your password, then every account you manage would be compromised.
Here are a few tips that will help keep your accounts safe from hacking:
Use Complex Passwords: Using complex and impossible to guess passwords for all of your accounts is one of the most fundamental variables of protecting your sensitive information that is stored externally.
Keep Your Software Updated: The value of updating your software (especially your antivirus software) is that the updates include security patches for the latest virus definitions that will protect you from new viruses that weren’t previously protected against. Running outdated software will leave your system and data vulnerable.
Change Your Passwords Frequently:Don’t wait until you receive a notification that you’ve been hacked to change your password. It’s best practice to stay out in front of evil doers by changing out your old passwords for new ones every few months.
Use Multi-Factor Authentication: Many services like Facebook and Google require users to use multi-factor authentication. This greatly improves security by adding an extra step to the login process. The most common way this is accomplished is with a two-factor authentication procedure where you first enter your password, and then you will receive a text message on your cell phone containing a unique code that gives you access to your account.
Be Aware of Phishing Scams:Your email inbox gets hit with scams every day (less frequently if you use appropriate front end security), and there are malicious sites all over the Internet that could infect your computer with malware. You need to educate your staff on what to be wary of when using the web as well as what acceptable use of the internet in your office consists of.
One of the most important steps you can take to protect your business from identity theft is to have a reliable network security solution. Quikteks’s Unified Threat Management (UTM) tool is the strongest security solution we offer. UTM can provide your network with a bullet-proof firewall, along with content filtering capabilities to protect your system from malicious websites. To batten down the hatches on your network and keep your passwords safe from hackers, give us a call today at PHONENUMBER.