Large Password and User Names Heist

by | Jul 25, 2012 | Cyber Security, Data Security, Data Theft Prevention, Identity Theft, Online Security, Password Authentication, Password Management

8.24 Million Passwords and User Names stolen and posted by hackers.

Data SecurityIf you use the online gaming site Gamigo, if your user name was your email address and you use the same password elsewhere then you need to be very, very concerned.  Cyber criminals will now start scouring the important networks and sites with your user name and passwords to your steal money, buy goods and change your settings.

While security pundits will tell you that you need strong passwords, every site should have different passwords and change passwords periodically, I’m going to tell you a few things they typically don’t.

  1. Get a secure password manager solution so you don’t have to remember or type passwords again. Not all password managers are secure.
  2. Don’t make your user name your email address and have bogus emails if the site requires one.
  3. Don’t use the same user name everywhere either. Make it gibberish too.
  4. Many of the little tricks about remembering passwords are stupid and don’t work. They are designed only to make you think you have security.
  5. Don’t save passwords in your browser.

I have been an advocate of password security for years. While some may say that passwords are insecure, I have to disagree. What is insecure is how passwords are chosen, managed and protected. Here are three main attack points that you need to be aware of:

  1. User managed passwords. This is where an individual gets to pick their password, or they have to remember the one they are assigned. The problem is that it causes the user to write their passwords down, use the same password everywhere and/or use a password that can easily be cracked.
  2. Keylogger malware. Even if you have supper strong passwords a keylogger will capture it and send the information to a cyber attacker. The trick here is not to have to type any passwords and keep your anti-malware up-to-date. A secure password manager with auto fill can block keyloggers.
  3. Company Password Databases. Gamigo has shown that even if you do everything right, you are put in jeopardy because of how the company protects their password database. Because you can’t secure a company’s servers, you can minimize the damage by never using the same password for your important sites like online banking, shopping and trading that you do for gaming and social networking.

 

Reprint from FoxNews.com

8.24 million email addresses, passwords stolen from Gamigo

Hackers have posted the email addresses and passwords of more than eight  million Gamigo users online — meaning anyone who commonly reuses the same  password could face a serious breach of security.

The leak was detected by data security service PwnedList, which alerts people  if their information has been compromised. Site founder Steve Thomas told Forbes  that the incident was a tremendous concern.

“It’s the largest leak I’ve ever actually seen,” Thomas told the site. “When  this breach originally happened, the data wasn’t released, so it wasn’t a big  concern. Now eight million email addresses and passwords have been online, live  data for any hacker to see.”

While 8.24 million user names and passwords represents a tremendous  compromise of Gamigo’s security, it’s far from the biggest such hack, explained  Ron Gula, CEO and CTO of Tenable Network Security.

“To put this in context, the Sony Playstation breach was much larger with 77  million email accounts and other personal data stolen,” Gula told FoxNews.com. “The Steam gaming service also lost 35 million records,” he added.

Still, the data breach represents the largest such incident this year,  topping the more than 6 million e-mail addresses stolen from LinkedIn in June  and far outstripping the 450,000 passwords taken  two weeks ago from Yahoo.

Theft of email addresses and passwords is step one down a path to identity  theft, Gula explained.

“Hackers that steal large numbers of emails and passwords are using the data  for many things including identity theft, theft of money through online banking  and access to a person’s credit card.”

To make it harder for cybercrooks to scam you, avoid using the same password  at these online sites as you do for banking and e-commerce activities, he said.  For an added degree of security, pad out your digital identity with a few extra  email addresses.

“Paranoid users leverage different email accounts for different services,  which makes it harder for an attacker to target them. Ultra paranoid users have  separate computers (or iPads) for doing online banking as they do for general  Internet and gaming usage,” Gula told FoxNews.com.

 

About Access Smart, LLC: Headquartered in Ladera Ranch, California, Access Smart, LLC is dedicated to empowering businesses, agencies and institutions to securely regain control over their computer network authentication and data access authorization. Security does not have to be cumbersome to be effective. That is why our products are designed using state-of-the-art security technologies while focusing on ease-of-use and low-cost-of-ownership. Security should never be a luxury, especially with rampant data breaches and privacy regulations.

For more information about Access Smart, please visit www.Access-Smart.com.