You might have noticed some disturbing security news last week: Yahoo reported that over 450,000 email usernames and passwords were stolen from the company’s databases by hackers and posted on the text-sharing site Pastebin.
Apparently Yahoo had stored these usernames and passwords without any encryption at all, which meant the stolen credentials could be read and used as-is.
While having one’s email account hacked is bad enough, the news is actually worse than it sounds. Many of the hacked usernames and passwords were identical to those used in other website accounts, such as PayPal or online banking accounts.
So hundreds of thousands of Yahoo users not only had their personal email accounts compromised, but potentially many other accounts as well. If you have a Yahoo account, now would be a good time to change your password.
Security Breaches Galore
2012 has been an epic year for security breaches, with 189 incidents through only the first half of the year. These security breaches have exposed a jaw-dropping 14 million records.
Our friends at the Identity Theft Resource Center (ITRC) have compiled a list of the biggest ones besides the Yahoo security breach, shown below:
- Last Thursday, the social media site Formspring announced that hackers had posted passwords for 420,000 accounts online.
- Last month, LinkedIn reported that over 6.5 million user passwords were compromised.
- The New York Electric and Gas Co. had over 1.8 million files exposed that contained Social Security numbers, dates of birth, and bank account numbers.
- The Utah Department of Technology Services had nearly 800,000 medical account passwords stolen by hackers out of Eastern Europe.
- Emory Healthcare, Inc. lost track of more than 300,000 patient records. A class action lawsuit could cost the hospital $200 million.
The Key to Secure Accounts: Strong Passwords
One thing you can do to help secure your online accounts is to use strong passwords. Yahoo reported that fewer than 5% of the hacked accounts used strong passwords.
As a rule, you should use a different password for each of your important online accounts, such as your online banking accounts, PayPal, and main email account. If you are using the same password for every website, no matter how strong it is, it’s not a good password. Once a hacker finds out that password, they have access to all your online accounts.
Below are some good tips for creating strong passwords:
- Aim for a middle ground in terms of passwords: strong enough to thwart hackers, but easy enough for you to manage.
- Choose a phrase that only makes sense to you or use an actual sentence with spaces in between words, like “Peyton Manning is my favorite quarterback” or “New York City is cold in the winter.” It’s easy to remember a phrase like that, but a hacker would only see a forbiddingly long password sequence.
- Choose a shorter phrase in a language other than English, and add numbers or characters to it.
- Use a complex password that contains numbers and special characters (such as “&” and “%”). Use both upper and lowercase letters as well.
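The rules above (a different password per account, and either a multi-word sentence or a mix of upper case, lower case, numbers and special characters) can be checked mechanically. The following is an added example, not part of the original article; the account names and passwords are constructed samples, and the two thresholds are assumptions because the article gives no numbers.

```python
import string
from collections import defaultdict

MIN_PHRASE_WORDS = 4   # assumption: the article does not say how many words
MIN_COMPLEX_LEN = 12   # assumption: the article does not give a minimum length


def is_passphrase(pw):
    """A sentence with spaces between words, as in the passphrase tip."""
    return len(pw.split()) >= MIN_PHRASE_WORDS


def is_complex(pw):
    """Upper case, lower case, a number and a special character together."""
    return (len(pw) >= MIN_COMPLEX_LEN
            and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def audit(accounts):
    """Return account names that share a password and those that meet neither tip.

    Only account names are returned, never the passwords themselves.
    """
    by_password = defaultdict(list)
    for name, pw in accounts.items():
        by_password[pw].append(name)
    reused = sorted(sorted(names) for names in by_password.values()
                    if len(names) > 1)
    weak = sorted(name for name, pw in accounts.items()
                  if not (is_passphrase(pw) or is_complex(pw)))
    return {"reused": reused, "weak": weak}


# Constructed sample data: one short password shared by two accounts,
# one sentence-style passphrase, one complex password.
SAMPLE = {
    "email": "sunshine1",
    "paypal": "sunshine1",
    "bank": "Peyton Manning is my favorite quarterback",
    "forum": "tR7%kq&Lm2!x",
}

if __name__ == "__main__":
    report = audit(SAMPLE)
    print("Shared passwords:", report["reused"])
    print("Meets neither tip:", report["weak"])
```

A password that passes either test is still a bad one if it appears in the "reused" list, which is the point of the rule about using a different password for each important account.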