A spate of recent hacks has exposed millions of passwords and email addresses. One organisation has even gone so far as to tell its members that at some point their cyber defences will be breached. The hacks also expose some serious password blunders and reveal that many people still don’t understand the need for strong passwords.
Some of you may recall the recent blog about the Adobe hack (see details here and here) in which millions of accounts were hacked. It turns out that Cupid Media, an online dating agency which used the same server as Adobe, was also hacked. Up to 42 million unencrypted names, dates of birth, email addresses and passwords have been stolen by hackers.
Cupid Media runs 35 niche dating sites such as UkraineDate.com, MilitaryCupid.com and IranianSinglesConnection.com. It was hacked back in January but only recently admitted to the breach after it was exposed by Brian Krebs, a well-known security researcher.
Interestingly the company never encrypted the user information it was holding, though this isn’t too unusual. Lots of companies don’t encrypt customer data because they fear it will be too expensive or too complicated.
US government and military exposed as well
However, since the hack Cupid Media has begun encrypting passwords. If the data had been encrypted in the first place the hackers would have only discovered scrambled data, which is of no use to them.
It’s also interesting to note that more than 11,000 of the hacked accounts used a US military email address to register, and around 10,000 had registered using a US government address. Interesting indeed - for a certain type of hacker.
Institute warns its 140,000 members: “You will be hacked”
Hacking is almost a daily occurrence and it seems to be a question of not ‘if’ but ‘when’ a company will be hacked. The Institute of Chartered Accountants England and Wales (ICAEW) has just admitted as much.
The ICAEW has more than 140,000 chartered accountant members and, in a recently released report, pretty much admits that some degree of security breach is unavoidable and is actually part of doing business in a digital world.
But back to the Cupid Media hack. Of the leaked passwords, almost two million picked ‘123456’, and over 1.2 million chose ‘111111’. ‘iloveyou’ and ‘lovely’.
‘Password’ and ‘qwerty’ were quite common, with around 40,000 using these predictable passwords, while 20,000 went for ‘zxcvbnm’ at the bottom of the keyboard.
The danger of using predictable passwords was spelt out only a few days ago. A web-hosting development site for techie types, GitHub, was hit with a password hack attack.
The method is known as a ‘brute-force’ attack, which means the attackers used automated software that tries commonly used or easily guessed passwords. This is fairly common but the scale of the attack wasn’t. It was launched from 40,000 IP addresses. GitHub had to engage in a massive password reset exercise.
Online identity theft protection
It can be a bit of a nightmare trying to establish different passwords for different things; there are often simply too many to remember. Most people use one password for multiple sites. It makes sense, though, to at least create a password that is difficult to guess by including letters, numbers, symbols and a mixture of upper case and lower case.
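As an added illustration (not code from BullGuard or any site named here), this is how a sign-up form could screen out the weak choices described above and enforce the recommended character mix. The ten-character minimum and the keyboard-row check are assumptions that go beyond the passwords the article lists.

```python
import re

# Passwords the article reports as common in the leaked data.
LEAKED_COMMON = {"123456", "111111", "iloveyou", "lovely",
                 "password", "qwerty", "zxcvbnm"}

# Keyboard rows and simple runs, used to catch "walks" that are not on the
# list above (added generalization, not from the article).
RUNS = ["qwertyuiop", "asdfghjkl", "zxcvbnm",
        "abcdefghijklmnopqrstuvwxyz", "01234567890"]

MIN_LENGTH = 10  # assumption: the article gives no minimum length

# Character mix the article recommends.
CLASSES = {
    "lower-case letter": r"[a-z]",
    "upper-case letter": r"[A-Z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}


def is_walk(pw: str) -> bool:
    """True if the whole password is a slice of a keyboard row or run,
    forwards or backwards (for example '123456', 'qwerty', 'poiuyt')."""
    p = pw.lower()
    return len(p) >= 4 and any(p in r or p in r[::-1] for r in RUNS)


def check_password(pw: str) -> list[str]:
    """Return the reasons a password is rejected; an empty list means accepted."""
    problems = []
    if pw.lower() in LEAKED_COMMON:
        problems.append("on the list of common leaked passwords")
    if len(set(pw)) == 1:
        problems.append("one repeated character")
    if is_walk(pw):
        problems.append("keyboard row or simple sequence")
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, pw):
            problems.append(f"no {name}")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["123456", "zxcvbnm", "Password", "Tr4m-Ostrich!Lamp"]:
        print(candidate, "->", check_password(candidate) or "accepted")
```
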
What’s in a password you might ask? Well, give a hacker a password and email address and you might as well give the keys of your house to a burglar.
It always pays to protect yourself and BullGuard Identity Protection offers high levels of online identity theft protection including password safeguards. If your details are hacked and they appear somewhere on the web, most likely the deep web, you’ll receive immediate alerts so you can take remedial action.