2012: The Year of Massive Security Breaches

security breach
Facebooktwittergoogle_plusredditpinterestlinkedinmail

You might have noticed some disturbing security news last week: Yahoo reported that over 450,000 email usernames and passwords were stolen from the company’s databases by hackers and posted on the file-sharing account Pastebin.

Apparently Yahoo had stored these usernames and passwords without any encryption at all, making it very easy for hackers to steal them.

While having one’s email account hacked is bad enough, the news is actually worse than it sounds. Many of the hacked usernames and passwords were identical to those used in other website accounts, such as PayPal or online banking accounts.

So hundreds of thousands of Yahoo users not only had their personal email accounts compromised, but potentially many other accounts as well. If you have a Yahoo account, now would be a good time to change your password.

Security Breaches Galore

2012 has been an epic year for security breaches, with 189 incidents through only the first half of the year. These security breaches have exposed a jaw-dropping 14 million records.

Our friends at the Identity Theft Resource Center (ITRC) have compiled a list of the biggest ones in addition to the Yahoo security breach, which are below:

  • Last Thursday, the social media site Formspring announced that hackers had posted passwords for 420,000 accounts online.
  • Last month, LinkedIn reported that over 6.5 million user passwords were compromised.
  • The New York Electric and Gas Co. had over 1.8 million files exposed that contained Social Security numbers, dates of birth, and bank account numbers.
  • The Utah Department of Technology Services had nearly 800,000 medical account passwords stolen by hackers out of Eastern Europe.
  • Emory Healthcare, Inc. lost track of more than 300,000 patient records. A class action lawsuit could cost the hospital $200 million.

The Key to Secure Accounts: Strong Passwords

One thing you can do to help secure your online accounts is to use strong passwords. Yahoo reported that less than 5% of the hacked accounts used strong passwords.

As a rule, you should use a different password for all of your important online accounts, such as your online banking accounts, PayPal, and main email account. If you are using the same password for every website, no matter how strong it is, it’s not a good password. If a hacker finds out your password, they now have access to all your online accounts.

Below are some good tips for creating strong passwords:

  • Aim for a middle ground in terms of passwords: strong enough to thwart hackers, but easy enough for you to manage.
  • Choose a phrase that only makes sense to you or use an actual sentence with spaces in between words, like “Peyton Manning is my favorite quarterback” or “New York City is cold in the winter.” It’s easy to remember a phrase like that, but a hacker would only see a forbiddingly long password sequence.
  • Choose a shorter phrase in a language other than English, and add numbers or characters to it.
  • Use a complex password that contains numbers and special characters (such as “&” and “%”). Use both upper and lowercase letters as well.

 

Get Private Wifi   Protect your personal information.
Get DataCompress   Cut your mobile data usage.

Kent Lawson

Kent Lawson is the CEO & Chairman of Private Communications Corporation and creator of its flagship software PRIVATE WiFi. He combined his extensive business and technical experience to develop PRIVATE WiFi in 2010. The software is an easy-to-use Virtual Private Network (VPN) that protects your sensitive personal information whenever you’re connected to a public WiFi network. Follow Kent on Twitter: @KentLawson.

  • Steven

    I find it mildly amusing when someone thinks a strong complicated password is all one may need, when the truth is strong passwords do not replace the need for other effective security controls. It has been proven true time and time again. To be best protected with online accounts, people need to look for websites and organizations who offer two-Factor Authentication technology and activate it. This way they can telesign into their account by entering a one-time PIN code which is delivered to your phone via SMS or voice. For me, this gives me the confidence that my account won’t get hacked and my personal information isn’t up for grabs.