Do you have time to waste, or want the stress of having to recover access to your accounts, or to handle the fallout from identity theft? If not, then continue reading to learn why you’re at risk, and how to reduce such risk from identity theft and compromised accounts.
Stolen credentials are as valuable as cash to cybercriminals. Whether they sell the stolen data or use it to take over accounts, a single data breach can result in years of profit if cybercriminals are able to infiltrate multiple accounts.
Data breaches have exposed users’ personal information, such as e-mail addresses, passwords, names, addresses, social security numbers, dates of birth, and credit card information.
Some notable data breaches/leaks where customer information was exposed are:
- Equifax Credit Reporting (143 million)
- US Office of Personnel Management (OPM) (22 million)
- JP Morgan Chase (76 million)
- T-Mobile (2.5 million)
- eBay (145 million)
- Marriott (500 million)
- Yahoo (3 billion)
- Orvibo IoT Smart Home Devices (2 billion records leaked)
- MedicareSupplement.com (5 million personal records exposed to the public)
In addition to data breaches/leaks, phishing attacks are becoming increasingly sophisticated, and that’s just the tip of the iceberg.
Phishing is a fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. A phishing attack could even come from someone you know, without their knowledge, if their account or system was compromised.
Bad Password Hygiene
The problem with stolen credentials, which is the number one cause of compromised accounts every year, stems from Internet users using the same, or similar, passwords across multiple accounts.
If you’ve used the same password, or a similar password, for your e-mail account that you’ve used on Web sites that were breached, then it’s a trivial exercise for a cybercriminal to take over your e-mail account. And once they have access to your e-mail account, all your other accounts are fair game. They’ll search your e-mail to determine which Web sites you’ve registered with, then request password resets from those Web sites, which get sent to your now compromised e-mail account.
Identity theft is the deliberate use of someone’s personal data, usually to gain a financial advantage in the other person’s name, or to harm the person whose identity has been assumed.
Once identity thieves have your personal information, they can drain your bank account, run up charges on your credit cards, open new utility accounts, or get medical treatment on your health insurance. An identity thief can file for a tax refund in your name and get your refund. In some extreme cases, an identity thief might even give your name to the police during an arrest.
To learn more about identity theft, check out the Federal Trade Commission’s site at: IdentityTheft.gov.
What Can You Do to Protect Your Accounts?
Nothing is 100% foolproof, but using multiple layers of protection is the best way to protect your online accounts.
At a minimum, you should use a unique, strong password for every Web site. A strong password consists of 12 or more characters, with upper and lower case letters, numbers, and symbols. Alternatively, you can use a passphrase, like a sentence from your favorite book. If you use a passphrase that’s just alphabetic characters, then the phrase must be at least 20 characters.
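An added example (not part of the original article): a small audit that applies the strength rule above to an exported list of accounts and flags the same-or-similar reuse described under Bad Password Hygiene. The account names, sample passwords, the 0.8 similarity cut-off, and treating any phrase of 20+ characters as a passphrase are assumptions.

```python
import re
from difflib import SequenceMatcher
from itertools import combinations

# The four character classes the article asks for in a 12+ character password.
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9\s]")

def is_strong(pw):
    """12+ chars with all four classes, or (assumption) any phrase of 20+ chars."""
    if len(pw) >= 12 and all(re.search(c, pw) for c in CLASSES):
        return True
    return len(pw) >= 20

def audit(vault, threshold=0.8):
    """Return accounts with weak passwords and account pairs sharing similar ones."""
    weak = sorted(name for name, pw in vault.items() if not is_strong(pw))
    reused = sorted(
        (a, b)
        for (a, pa), (b, pb) in combinations(sorted(vault.items()), 2)
        # Case-insensitive similarity; 0.8 is an assumed cut-off, 1.0 is identical.
        if SequenceMatcher(None, pa.lower(), pb.lower()).ratio() >= threshold
    )
    return {"weak": weak, "reused": reused}

# Constructed sample data, not real credentials.
SAMPLE_VAULT = {
    "email": "Sunflower!2023x",               # strong on its own ...
    "shop":  "sunflower!2024Y",               # ... but nearly the same as "email"
    "bank":  "correct horse battery staple",  # long passphrase
    "forum": "hunter2",                       # weak
    "video": "hunter2",                       # weak and identical to "forum"
}

if __name__ == "__main__":
    report = audit(SAMPLE_VAULT)
    print("Weak passwords:", ", ".join(report["weak"]))
    for a, b in report["reused"]:
        print(f"Same or similar password on: {a} and {b}")
```

A password can pass the strength rule and still be flagged: the "email" and "shop" entries are both strong, but a breach of one exposes the other.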
In addition, enable Multi-Factor Authentication (MFA), also referred to as 2FA (Two-Factor Authentication). MFA/2FA requires something more than just a username & password to log in, e.g., a text message to your phone, a PIN, or an authenticator device/app that generates a one-time code.
Best Practices for Protecting Your Accounts
Your time is valuable. Trust that it’ll take a lot longer to recover access to your accounts, if that’s even possible, than to make some changes before you get hacked:
- Enable MFA/2FA on all accounts that have that option. An authenticator app is preferred over text/SMS messages.
- Generate new strong passwords for all your accounts and use a password manager to store your passwords. Make sure to use a very strong passphrase to access your password manager. This is key, because if a bad actor gets your master password, then they have access to all your passwords.
- Do NOT let operating systems, browsers, or your Google Account save your passwords.
- Do NOT click links or open attachments in unsolicited e-mails. It could be an attempt to phish you, or install malware on your system.
- Create a new e-mail account that you never use for any Web sites, then set the new e-mail address as your recovery e-mail address for all your accounts.
- When you set up responses to security questions on Web sites, do NOT use information that may have been exposed in a data breach, such as current or previous addresses, your date of birth, names of family members, previous schools, etc.
- Never give out personal or banking information, or passwords, in response to an unsolicited phone call, e-mail, text message or fax, even if the caller or sender identifies themselves as being from a trusted source, like your bank or credit union.
- Make sure that all your devices, operating systems, and software applications are fully patched and up-to-date.
- Follow the Principle of Least Privilege by never running as an administrator/root user unless absolutely necessary.
One cannot escape the fact that data breaches have already exposed your personal information, and will continue to happen.
My hope for you is that you make the effort to understand, implement, and share what you’ve learned to protect yourself, and others, from the fallout of data breaches, phishing attacks, and identity theft.