Over the past few years one cannot follow technology news without feeling that the rate of account credential theft, including passwords (encrypted or not) and personally identifying information, has been accelerating. I’ve written several articles on ways to mitigate risk and make it very easy to respond when such a theft happens. The process starts with using a password database manager like KeePassX or LastPass (and if one chooses an offline solution like KeePassX it’s wise and not inconvenient to use encryption and cloud syncing to make things easier without sacrificing security). It continues with gathering up one’s online accounts and changing the passwords to unique, random, and strong passwords using the password database software.

In fact it was news that Kickstarter was hacked and account credentials were compromised today that prompted me to begin this list. It took me all of a minute to lock my account back down with a new 100-character random password and no other account was ever at risk. Therefore my primary motivation in making this list is to provide a long list of reasons to adopt password security practices such as mine. They honestly make one’s life simpler (memorize one or two strong passwords versus memorizing and inevitably forgetting tens or hundreds of weak ones) and it’s far easier to respond to these increasingly common account credential thefts. I’ll be doing my best to keep this list up to date, including filling in gaps by researching past incidents.

25, 2014: Security firm Hold Security reported that a total of 360 million account credentials were made available for sale in the first three weeks of February on black market websites that specialize in these trades. Additionally they reported that a total of 1.25 billion email addresses were for sale, which can be compromised by phishing attacks. Note that this is a cumulative figure for three weeks of February and is comprised of several smaller breaches, but the scale is still significant and substantial.

15, 2014: The popular crowdfunding platform Kickstarter was breached, resulting in the theft of account information and personally identifying information. Account holders received an email claiming that usernames, email addresses, mailing addresses, and encrypted passwords were stolen but credit cards were not. It’s noteworthy that Kickstarter learned of the breach through law enforcement officials the preceding Wednesday; it took them four days to notify its users. That’s four days when weak passwords may have already been cracked and reused to compromise accounts using the same credentials - again, the inability to trust third parties to be responsible is another reason never to reuse passwords.