It seems like every few weeks the news is reporting some massive data breach from one source or another. The news usually mentions only the very large, public breaches, while breaches at smaller, less well-known sites are usually seen only through shared security, Twitter or Facebook posts.
It is ironic that Facebook, while helping highlight such breaches, has itself been breached on more than one occasion. Estimates for the most recent breach, in March, put the number of exposed passwords at up to 600 million. This came just six months after another breach reportedly exposed 50 million users.
If you add this to many other site breaches happening regularly, the amount of sensitive information floating around the darker side of the internet is extremely troubling.
Another disturbing fact is that while your email and password may have been taken from one site, if you have used that same login information somewhere else, it could also be in danger.
The danger from leaked login credentials is not limited to the source site. Once logins have been harvested, they can be used within hacking software to test different websites using the same credentials.
Unlike in the movies and TV shows, hackers do not sit at their computers in some dark room, typing usernames and passwords into their screen.
Now they use software that they simply aim at a site (PayPal, for example) and tell it to use a text file list of harvested logins. This is called brute force hacking. The hacker then clicks a button and leaves while the software makes a list of any that work.
Therefore, if you use your email and password on Facebook, and you have used the same email and password on PayPal, you could have future problems.
What can you do? The obvious thing is not to use the same login information on multiple sites. However, it can be a nightmare keeping track of your logins. To check whether your logins have already been exposed, there is a website called Have I Been Pwned? (https://haveibeenpwned.com).
The site keeps track, as much as possible, of the breached data that appears on dark web hacking forums, and keeps it in a searchable form. All you need to do is go to the site and enter the email address that you want to check. The site will then tell you how many times that email has shown up online. You can even download the relevant files that were posted online to check for yourself.
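To act on the advice above about not reusing logins, the following added example (not part of the original article) audits a password-manager CSV export for email/password pairs shared across sites, and lists which other accounts would be exposed if one site were breached. The column names, the sample rows and the case-insensitive treatment of email addresses are assumptions made for the illustration.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample of a password-manager CSV export (not real accounts).
SAMPLE_EXPORT = """site,username,password
facebook.com,pat@example.com,Summer2019!
paypal.com,pat@example.com,Summer2019!
shop.example,Pat@Example.com,Summer2019!
bank.example,pat@example.com,x7#Lq9vT2m
forum.example,pat_alt@example.com,Summer2019!
"""

def _fingerprint(username, password):
    """Digest of the login pair, so results hold hashes rather than plaintext passwords."""
    # Assumption: sites treat the email/username as case-insensitive.
    ident = username.strip().lower() + "\x00" + password
    return hashlib.sha256(ident.encode("utf-8")).hexdigest()

def load_logins(csv_text):
    """Map each login fingerprint to the set of sites that use it."""
    sites_by_login = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = _fingerprint(row["username"], row["password"])
        sites_by_login[key].add(row["site"].strip().lower())
    return sites_by_login

def reused_logins(sites_by_login):
    """Groups of sites that share one email/password pair, largest group first."""
    groups = [sorted(sites) for sites in sites_by_login.values() if len(sites) > 1]
    return sorted(groups, key=lambda g: (-len(g), g))

def exposed_by_breach(sites_by_login, breached_site):
    """Other sites where a login leaked from breached_site would also work."""
    exposed = set()
    for sites in sites_by_login.values():
        if breached_site in sites:
            exposed |= sites - {breached_site}
    return sorted(exposed)

if __name__ == "__main__":
    logins = load_logins(SAMPLE_EXPORT)
    for group in reused_logins(logins):
        print("same login on:", ", ".join(group))
    print("if facebook.com leaks:", exposed_by_breach(logins, "facebook.com"))
```

Every site listed for a breached source needs a new, unique password, not just the breached site itself.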
Terry Young is the founder and CEO of Internet Marketing and Design. Since 1997, his computer programming and graphic design knowledge have kept his company at the forefront of the latest technology in web development.