With passwords failing us, it’s time for consumers and businesses to step up security.
Recently, news surfaced that security researchers had found a database of well over a billion usernames and passwords circulating on the dark web. The dark web has long been known as a hacker’s playground for those dabbling in cybercrime, so the report should hardly be surprising.
It is even less surprising considering the number of high-profile data breaches disclosed in the past year alone, from Yahoo and Uber to Equifax and everything in between – in fact, there is a full list on Wikipedia. Perhaps most alarming is that the username and password combinations have been decrypted, meaning they can be freely scrolled through in clear text.
The disclosure of such a database should be a wake-up call to anyone who uses simple passwords to protect accounts linked to personal information that, in the wrong hands, could be used for fraud. As we alluded to in an earlier post about trends to watch in 2018, stronger authentication needs to be taken seriously in the years to come. When all else fails, and we know that users have historically let convenience trump best-practice security advice on passwords, organizations should take steps to protect customer data by encrypting it to the highest standards.
As seen with the dark web database, cybercriminals usually pick the low-hanging fruit and take the path of least resistance when it comes to exploiting vulnerabilities. They can buy credentials cheaply on the dark web and use the information to compromise accounts and gain access to personal details – even if the success rate is low, the payoff can be very high.
Personal information leaked through websites can be used to fraudulently set up credit cards or open other accounts in an unsuspecting victim’s name. But if strong encryption is used to protect credentials and personal information, nefarious actors will move on to something easier.
The moral of the story is – don’t get caught out by the bad guys! Beat them at their own game: use stronger authentication methods for your important accounts and choose to deal with organizations that you know are taking the security of your personal data seriously.
After all, it will soon be mandatory with the European General Data Protection Regulation (GDPR) on the horizon. But don’t wait for that day: start taking responsibility for your accounts little by little, day by day. A good way to check if your account usernames and passwords have been exposed is to list your email address with Have I Been Pwned, which will automatically alert you to any databases your compromised details might appear on.