Ready to change your passwords again?
If you didn’t bother changing your passwords when you heard about Heartbleed, you might want to consider changing them today. In another case of stolen internet credentials, a Russian tech gang has acquired an estimated 1.2 billion username and password combinations, along with over 500 email addresses.
A security firm based out of Milwaukee conducted an 18 month study of the security breach. It has not announced specific sites that were hit, citing non-disclosure agreements and concerns for vulnerable websites. Nevertheless, an independent security expert confirmed the claims to be authentic.
The hackers used unsuspecting zombie computers with viruses to control a large group of virus infected computers. This “bot net” was used to test for SQL vulnerabilities on servers.
Once a vulnerability was identified, the attacker executed SQL injections to send malicious commands and extract data. In this way they were able to collect databases full of user names and passwords. Small and large websites have been affected worldwide by this hack.
So far, the stolen data has only been sold in small quantities on the black market, and used to access social media to send out spam messages.
So what’s a person to do when it seems like keeping data secret is a losing battle?
- Change your passwords, and make sure they are strong, secure passwords with capital letters, lower case letters, numbers, and special characters.
- Businesses should run a check with the webmaster to see if their websites are vulnerable to SQL attack.
- Don’t use the same username/password combination for all the sites you access, particularly important ones like banking.
- Don’t panic, and have a plan in place in case you are a victim of data theft.
For more information on keeping your data secure, visit our blog posts on Heartbleed, and Preventing your Email from Getting Hacked. Or you can contact us here at Appletree MediaWorks for more information.
