Username And Password Hacked, Security Breaches & Credit Card Intrusions: Headlines

 

I Read The News Today (Oh, Boy): Let’s start off with headlines from late 2014 (but it could just about be any period) that should motivate you to get your password management strategy under control.

Scared Straight

Scare Tactics: More accurately, my goal is to scare you into upgrading your password management system. I do not condone hackers, but they are very good, and often quite impressive, at their craft.

Username And Password Hacks

* October 2014 China employs ‘Man-in-the-middle’ technique to hack the new iPhone release. This method involved Chinese hackers compromising the connection (IP hijacking) between the user and the intended site and redirecting all traffic through their servers before allowing data to proceed to the ultimate destination. The hackers glean the user names and passwords before sending the user to the proper URL. The user never knows their data has been compromised. In 2010, China drove 15% of all Internet traffic through Chinese servers on its way to its ultimate destination for 18 minutes.

* August 2014 Hold Security revealed that a Russian cyber-gang stole 1.2 billion username and password combinations. That is roughly one-third of all user passwords on the net. Equally impressive (to some) is that they had to hack over 400,000 Web and FTP sites to accomplish this.

* August 2014 A number of Hollywood celebrities had their cloud accounts hacked by a combination of social engineering, cracking the password and/or using Apple’s “Forgot my password” route. Compromising photos were taken from their accounts and posted to public forums. You don’t want this to happen to you.

* August 2014 One hundred and fifty North Carolina State University students had their user/passwords hacked. While this number is very small, the solution reached by the university was large. They decided to implement Two-Factor Authentication.

* July 2014 50,000 WordPress sites hacked via a plug-in vulnerability.

* May 2014 eBay issued an advisory to its customers to change their passwords due to a cyber-attack that compromised a database holding non-financial data. According to eBay, the compromised database held the following factors: Customer name, encrypted password, email address, physical address, phone number and date of birth.

* December 2013 Snapchat has 4,600,000 usernames and numbers hacked.

* October 2013 Adobe reports 153,000,000 users hacked; they said that “passwords probably weren’t encrypted.” Well… more accurately, ‘your’ password wasn’t encrypted.

* August 2013 Evernote confirmed a breach and admitted that those responsible were able to gain access to user information, including usernames, email addresses associated with Evernote accounts and encrypted passwords.

While those headlines are bad, I didn’t even discuss the Shellshock or Heartbleed vulnerabilities. Who knows what breaches weren’t reported, or worse, what information has been stolen that even the company doesn’t know about yet?

Credit Card Hacks

“The toe bone connected to the heel bone,
The heel bone connected to the foot bone,
The foot bone connected to the leg bone,
The leg bone connected to the knee bone,
The knee bone connected to the thigh bone,
The thigh bone connected to the back bone,
The back bone connected to the neck bone,
The neck bone connected to the head bone”

TTBCTTHB
‘Dem Bones – James Weldon Johnson

It’s All Connected: Second, here are a few recent headlines about debit and credit card hacks and cyber-attacks. Whether a corporate intrusion or a data breach, they are all connected. It starts with a hack at a company, and by the time all the dominoes fall, your password has been compromised.

Security Awareness

Who’s Aware? Notice the month and year when these occurred, indicating the high frequency of hacks. By the way, October is National Cyber Security Awareness Month:

* October 2014 White House hacked. If they can be breached, can you?

* October 2014 JP Morgan Chase & Company reports a data breach possibly impacting 83 million customers.

* October 2014 The Washington Post confirms a long-running campaign by skilled Chinese government hackers to exploit U.S. companies and their databases.

* October 2014 ZDNet reports that the average company is compromised every four days.

* October 2014 Snapchat had almost 98,000 pictures hacked and posted.

* October 2014 Kmart’s IT team announced that their payment system had been compromised, without disclosing the actual number of customers impacted.

* August 2014 The Wall Street Journal reports a hacker gained access and uploaded malicious software to a server that is part of Healthcare.gov. PhishLabs, a cyber security company, states that stolen health credentials sell for approximately $10 per record, which is 10 to 20 times the value of a U.S. credit card number.

* August 2014 Home Depot reports a new set of stolen credit card numbers may have originated from their stores.

* August 2014 Hackers, annoyed at Sony PlayStation, initiated a Distributed Denial of Service cyber-attack which brought down the Sony network. And just to prove how annoyed the hackers were, they also hacked Sony headquarters, found the itinerary of the president of Sony Online Entertainment, then called in a bomb threat to American Airlines that the Sony president was flying that day. Of course this is the same Sony that was hacked for over 77 million user accounts in 2011.

* August 2014 The Secret Service and Homeland Security release a warning that over 1,000 businesses have had intrusions and data stolen in the last year.

* August 2014 UPS reports that data from 51 UPS Stores, including customer names, addresses, email addresses and emails were compromised.

* August 2014 Albertson’s reports that Albertson’s Acme, Jewel-Osco, Shaw’s, Star Market supermarkets, SuperValu’s Cub Foods, Hornbacher’s, Farm Fresh, Shop ‘N Save and Shoppers Food & Pharmacy all ‘encountered’ a data breach. Albertsons failed to state how many customers were impacted. In September of 2014, they reported that the intrusion was greater than first reported.

* April 2014 Michaels Stores reports that over 3,000,000 accounts including credit and debit cards, with expiration dates, were hacked.

* March 2014 Washington Post reports over 3,000 companies have had a cyber attack.

* January 2014 Neiman Marcus noted that 1,100,000 customer credit and debit cards may have been compromised from July to October.

* November 2013 Target suffered a record-breaking hack of at least 40,000,000 credit and debit cards.

Pessimist: “Oh, this can’t get any worse!”
Optimist: “Yes, it can!”
PoTcGaW!OyIc!
Author Unknown

There Is More: In August of 2014, it was revealed that 4.5 million patient records were hacked from a health care system. I know it is not your password, but they stole “patient names, addresses, birthdates, telephone numbers and social security numbers,” and, besides using that information to illegally secure credit cards, that data can be the foundation to start guessing your username and password.

And More: As a bonus, the 2014 USENIX Security Seminar reported that six computer experts with the University of California campuses at Berkeley, Santa Barbara and San Diego estimate that up to 10 percent of the almost 50,000 Chrome extensions could be labeled malicious or suspicious.

And More: Sometimes it isn’t the hackers… In August of 2014, a Mozilla director announced that 76,000 users had their email address exposed via a database dump which also contained 4,000 encrypted user passwords. Also in August of 2014, a former AT&T employee breached a customer database and allowed access to customer information including Social Security numbers.

Wait, There Is Even More: The 2014 Center for Strategic and International Studies report, completed in partnership with McAfee, estimates cybercrime’s cost to business at between $100 billion and $400 billion.

Who Has Better Security? You Or A Big Company? Now if you think for a minute that your current user/password combination is safe and known only to you, you had better think again. Also, even though these major companies were hacked and breached, their security is probably substantially better than the security you are currently using on your computer. This is one reason why you have to be diligent in creating unique passwords for every site.

Password Hint – Set Up Credit Card Usage Alerts: I contacted our various credit card vendors and all now send an email to me every time a charge occurs.

Password Hint – Check Your Monthly Statements For Suspicious Activity: Hackers are likely to test credit cards with very small charges to see if you are paying attention. If they can still access your card, they simply increase the amount of the charges.

Scared Straight Again

Scared Straight, Yes… You: Obviously the intent of this section is to absolutely scare you straight onto the path of better password security.

You can learn how to protect yourself by creating a better, more secure password. The details are covered in the book below.

Password Security Tips
