{"id":4727,"date":"2016-06-01T10:24:35","date_gmt":"2016-06-01T15:24:35","guid":{"rendered":"https:\/\/www.poweradmin.com\/blog\/?p=4727"},"modified":"2016-05-27T13:30:58","modified_gmt":"2016-05-27T18:30:58","slug":"another-email-hack-should-we-worry","status":"publish","type":"post","link":"https:\/\/www.poweradmin.com\/blog\/another-email-hack-should-we-worry\/","title":{"rendered":"Another email Hack: Should We Worry?"},"content":{"rendered":"<p><span style=\"font-family: verdana, geneva, sans-serif;\">Each time a major email service or social media platform gets hacked, the incident generates exciting headlines in the media. But behind the hype there\u2019s a very real tale of anxiety for all the users concerned.<\/span><\/p>\n<p>\u00a0<\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">Has vital information been stolen or compromised? Are funds being siphoned off, into the hands of criminals \u2013 who now have control over critical user accounts? Have reputations been ruined?<\/span><\/p>\n<p>\u00a0<\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">With a serious enough data breach, any or all of these scenarios are possible. 
And the nightmare stories just keep coming\u2026<\/span><\/p>\n<h2><span style=\"font-family: verdana, geneva, sans-serif;\"><b>In Recent Days\u2026<a href=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/06\/emailhack_assault.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-4732 alignleft\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/06\/emailhack_assault.png\" alt=\"EmailHack_assault\" width=\"370\" height=\"370\" srcset=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/06\/emailhack_assault.png 370w, https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/06\/emailhack_assault-150x150.png 150w, https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/06\/emailhack_assault-300x300.png 300w\" sizes=\"auto, (max-width: 370px) 100vw, 370px\"><\/a><\/b><\/span><\/h2>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">Earlier this month, <a href=\"http:\/\/www.techradar.com\/news\/internet\/massive-data-breach-means-it-might-be-time-to-change-gmail-yahoo-and-hotmail-passwords-again-1320373\" target=\"_blank\" rel=\"nofollow\">Reuters disclosed the news<img class=\"extlink-icon\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/plugins\/external-links-nofollow-open-in-new-tab-favicon\/images\/extlink.png\"><\/a> that a young Russian hacker claimed to have pulled off a massive data breach, involving usernames and passwords extracted from the likes of Hotmail, Gmail, Yahoo, and the Russian service Mail.ru (which was the principal target). 
Some data was also stolen from large commercial organisations in the U.S., including firms in the manufacturing, retail, and banking industries.<\/span><\/p>\n<h2><span style=\"font-family: verdana, geneva, sans-serif;\"><b>And Not So Recently\u2026<\/b><\/span><\/h2>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">On May 18th, <a href=\"http:\/\/thehackernews.com\/2016\/05\/linkedin-account-hack.html\" target=\"_blank\" rel=\"nofollow\">The Hacker News<img class=\"extlink-icon\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/plugins\/external-links-nofollow-open-in-new-tab-favicon\/images\/extlink.png\"><\/a> founder Mohit Kumar reported on another breach, this time involving \u201cthe professionals\u2019 social media network\u201d, LinkedIn. The story was actually a follow-up to an assault on the platform which occurred in 2012 \u2013 but the full extent and potential repercussions of the incident are only now being disclosed.<\/span><\/p>\n<h2><span style=\"font-family: verdana, geneva, sans-serif;\"><b>What\u2019s the Damage?<\/b><\/span><\/h2>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">In the Reuters incident, the young hacker known as \u201cThe Collector\u201d has laid claim to some 1.17 billion stolen credentials. 
Of these (comprising 272 million unique IDs, according to founder and chief ISO of Hold Security, Alex Holden), around 40 million (or roughly 15%) are from Yahoo Mail, 33 million (about 12%) from Microsoft Hotmail, and approximately 24 million (9%) stem from GMail accounts.<\/span><\/p>\n<p>\u00a0<\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">The LinkedIn breach of 2012 netted its alleged perpetrator (also of Russian origin, and nicknamed \u201cPeace\u201d) the confidential information of around 117 Million users of LinkedIn, including hashed passwords and email account details.<\/span><\/p>\n<h2><span style=\"font-family: verdana, geneva, sans-serif;\"><b>And the Cost?<\/b><\/span><\/h2>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">\u201cThe Collector\u2019s\u201d haul of purloined data has worked out fairly cheaply: After initially demanding a ransom of 50 rubles (less than one U.S. dollar, at today\u2019s exchange rates) from the Hold Security researchers he contacted, the youngster was eventually willing to settle for a shout-out on social media, in exchange for the 10 Gb of compressed data that was finally released.<\/span><\/p>\n<p>\u00a0<\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">By contrast, the LinkedIn breach has the potential to cost the company quite a bit.<\/span><\/p>\n<p>\u00a0<\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">For starters, \u201cPeace\u201d is reportedly selling the stolen credentials for 5 Bitcoins (around $2,200) on the Dark Web\u2019s notorious sales platform, \u201cThe Real Deal\u201d. And in 2015, LinkedIn paid out\u00a0some $1.25 million to settle a class action lawsuit in respect of the U.S. 
citizens counted among the 6 million victims of the breach that were known of, in 2012.<a href=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/06\/emailhack_lostmoney.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-4734 alignright\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/06\/emailhack_lostmoney.png\" alt=\"EmailHack_lostmoney\" width=\"370\" height=\"370\" srcset=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/06\/emailhack_lostmoney.png 370w, https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/06\/emailhack_lostmoney-150x150.png 150w, https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/06\/emailhack_lostmoney-300x300.png 300w\" sizes=\"auto, (max-width: 370px) 100vw, 370px\"><\/a><\/span><\/p>\n<p>\u00a0<\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">With the true number of victims now confirmed at over 110 million LinkedIn accounts (some figures suggest as many as 167 million unique accounts), the class action bill that LinkedIn faces could exceed $15 Million (assuming that 30% of those accounts are U.S. citizens). To say nothing of the reputational damage that\u2019s already been done to the LinkedIn brand, as a result of their perceived vulnerability to attacks.<\/span><\/p>\n<h2><span style=\"font-family: verdana, geneva, sans-serif;\"><b>But the Potential Cost to You\u2026<\/b><\/span><\/h2>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">The same <a href=\"http:\/\/www.blogtyrant.com\/facebook-email-security-hackers\/\" target=\"_blank\" rel=\"nofollow\">damage may result<img class=\"extlink-icon\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/plugins\/external-links-nofollow-open-in-new-tab-favicon\/images\/extlink.png\"><\/a>, if you or your organisation become a victim of a successful email or user account hack. 
With stolen credentials being openly traded to the highest bidder, there\u2019s scope for vital (and potentially embarrassing) information to wind up in the hands of criminal networks, corporate rivals, malicious pranksters, and identity thieves.<\/span><\/p>\n<h2><span style=\"font-family: verdana, geneva, sans-serif;\"><b>So Take Steps to Avoid It<\/b><\/span><\/h2>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">It may not be inevitable, but in today\u2019s cyber-threat environment, the chances of falling prey to email account hackers are definitely on the rise. Here are some tips on how to stave off that day:<\/span><\/p>\n<p>\u00a0<\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">\u00b7 <b>Use Complex Passwords: <\/b>If they\u2019re difficult for you to remember, chances are they\u2019re difficult for someone else to hack. Strong passwords typically have a minimum length of 10 characters, with a mix of lower and uppercase letters, numerals, and punctuation symbols.<\/span><\/p>\n<p>\u00a0<\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">\u00b7 <b>Unique Accounts? Unique Passwords: <\/b>Use a different (strong) password for each user account that you have. If you\u2019re using the same password across multiple accounts or platforms, a hacker may gain access to all of your profiles, in the event that your credentials are stolen.<\/span><\/p>\n<p>\u00a0<\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">\u00b7 <b>Use Complex Usernames: <\/b>You don\u2019t have to do the logical thing, when creating your user profile for an email or social media account, and use your proper name. Your username could be a personal catchphrase, or a strong password-style mix of characters. 
This adds an extra layer of complexity to your account profile, as a whole.<\/span><\/p>\n<p>\u00a0<\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">\u00b7 <b>Use Multi-Level Authentication: <\/b>Many networks now give you the option of logging in by using your username and password in conjunction with an additional stage such as entering a text message code received on your registered mobile phone number, a smart card PIN, or a randomly generated sequence from a smart key fob. Again, this is added protection, and well worth considering.<a href=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/06\/emailhack_email.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-4733 alignright\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/06\/emailhack_email.png\" alt=\"EmailHack_email\" width=\"370\" height=\"370\" srcset=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/06\/emailhack_email.png 370w, https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/06\/emailhack_email-150x150.png 150w, https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/06\/emailhack_email-300x300.png 300w\" sizes=\"auto, (max-width: 370px) 100vw, 370px\"><\/a><\/span><\/p>\n<p>\u00a0<\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">\u00b7 <b>Treat Unsolicited emails and Attachments with Great Caution: <\/b>Phishing is still a favourite pastime for many a hacker, and bogus links or malware-laden attachments are an ongoing threat. If you receive a suspicious message from a previously trusted source, phone them or speak to them in person about the message before opening it, to confirm that they actually sent it.<\/span><\/p>\n<p>\u00a0<\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">\u00b7 <b>Keep Backups of Your Data: <\/b>And store them in a secure location. This can include copies of vital emails, documents, and business-critical information. 
But DON\u2019T store your passwords or user credentials on a hard drive or removable medium that may be easily located and hacked.<\/span><\/p>\n<p>\u00a0<\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">\u00b7 <b>Use Spam Filters and Up-to-date Anti-virus Software: <\/b>And keep your Web browsers regularly updated, to enjoy the protection of the latest security tools and patches.<\/span><\/p>\n<p>\u00a0<\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">\u00b7 <b>Stay Informed: <\/b>Do online research, and \/ or subscribe to security forums and threat intelligence networks, to keep abreast of the latest threats and technologies.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Each time a major email service or social media platform gets hacked, the incident generates exciting headlines in the media. But behind the hype there\u2019s a very real tale of anxiety for all the users concerned. \u00a0 Has vital information been stolen or compromised? 
Are funds being siphoned off, into the hands of criminals \u2013 [&hellip;]<\/p>\n","protected":false},"author":10,"featured_media":4733,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,13],"tags":[],"class_list":["post-4727","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general-it","category-pc-security"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/4727","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/comments?post=4727"}],"version-history":[{"count":5,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/4727\/revisions"}],"predecessor-version":[{"id":4760,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/4727\/revisions\/4760"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/media\/4733"}],"wp:attachment":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/media?parent=4727"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/categories?post=4727"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/tags?post=4727"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}