Into the Breach - Popular Online News Service Announces Passwords Downloaded
LinkedIn (6.5M), Yahoo (400K), Microsoft Online Store, OLDaily...what do they have in common? Passwords released to the world.
Passwords and online information, in fact, is the No. 1 target of hacking incidents, according to the Web Hacking Incident Database, a semi-annual report from Trustwave, an international computer security agency based in Chicago. (Source)
Over the last few months, we know that there have been privacy breaches. It may have been a hard drive left in a car, an unencrypted file put on an internet server...these things happen and with increasing frequency. That's why I put together 5 Encryption Tips for School Administrators. Of course, there's the approach some have taken--posting passwords on a server, making them available for download unintentionally.
These days, you can go online to track all the privacy breaches, at the Privacy Breach Clearinghouse:
A dishonest employee was arrested for using a skimming device to steal customer credit card numbers at Chili's. Investigators were able to link another fraudulent credit card crime to a credit card stored in the dishonest employee's skimmer. This led to the discovery of a credit card making machine, a credit card skimmer, laptops, blank credit cards, and pages of names, Social Security numbers, and dates of birth at a separate residence.
All these breaches aside, there's one I bet you didn't see coming--OLDaily, Stephen Downes' .
An employee's computer bag was stolen on July 19. The bag contained a computer server back-up that had patient and employee names, Social Security numbers, dates of birth, insurance information, medical record numbers, limited clinical information, and addresses.
A student was able to access and distribute information from a classroom management system called PowerTeacher. The student used user names and passwords to access grades, demographics, Social Security numbers, and other personal information. Some parents reported receiving strange calls that disclosed personal information.
Ten people consisting of assistant managers, sales representatives, and other employees of banks were arrested for participating in an identity theft ring. Information was stolen and misused between November 2011 and February 2012.
A UA student ran a Google search and found her private information posted publicly. The data belonged to several thousand people who had submitted their names and tax ID numbers to UA in order to receive payments or reimbursements. Vendors, consultants, guest speakers, and UA students had their names and tax ID numbers exposed in February and early March. Some people had their Social Security numbers exposed in lieu of tax ID numbers. The sensitive data was embedded within a larger set of files being transferred to the UA new financial system. The files were thought to only contain public information.
- Get accustomed to using tough passwords like the ones generated here. You can use the online password generator or download a program and run that on your computer.
- Safeguard your passwords using one of the following: KeePass, LastPass, or 1Password. My favorite is KeePass since it works on every mobile device and operating system I own.
- Change your passwords frequently and check the strength of your passwords:
Several sites can check the strength of your password:
Final Note of Humor: I hope Stephen Downes will forgive me for mentioning 5 downloads of passwords for OLDaily News Service in the same breath as LinkedIn (6.5 million passwords) and Yahoo (400,000 passwords), but I hope he realizes that OLDaily is JUST AS IMPORTANT as those services, if not more so.
Everything posted on Miguel Guhlin's blogs/wikis is his personal opinion and does not necessarily represent the views of his employer(s) or its clients.