What are the lessons learnt from password hacking?

Hot off the heals, with the recent hacks on eBay and Gmail, it’s not surprising that we find 2 more respected organisations who’s security has been compromised and leaves data vulnerable to hackers.

  1. iThemes

iThemes, a favoured website that provides themes and plugins for popular blog site WordPress, have contacted all their users with a notice urging them to change their passwords.
Core data such as user names, passwords, real names, IP addresses and purchase details were stolen however, iThemes have strongly stated that no payment information was accessed. In terms of the damage, approximately 60,000 users have been affected, both active and in active and the recommendation is people should change their password urgently.
Surprisingly, passwords were stored as plain text without any encryption or protection, and with simple easy access.

  1. JP Morgan

JPMorgan, the largest bank in the US have just revealed that hackers have exploited an employee password and subjected them to potentially the largest ever cyber-attack; accessing data from 76 million households and 7 million small businesses.
Although, the hack has gathered account holders names and addresses, JP Morgan have stated “there is no evidence that account information for such affected customers – account numbers, passwords, users IDs, dates of birth or Social Security numbers – was compromised during this attack”[4].
With the recent spates of hacks, it seems the lessons have not been learnt. The following points will help you address your own security credentials:

  • It’s a case of common sense prevails and never to store passwords without encryption or security, and especially never to store them on a plain txt file.
  • Don’t take the easy route and choose an easy to guess password.
  • Where possible, opt for a two factor authentication. Even if hackers can get hold of your password it still won’t be enough for entrance into your account, simply because it’s virtually impossible for them to get hold of your one-time-password that the site demands.

It is important that everyone remains vigilant with their own security; it isn’t a case of handing it over to a third party service and wiping your hands of it regardless of how much we trust them.
Consider your own security by keeping things secure, encrypted and private because no matter how much we try to cover our steps, passwords alone are not impenetrable, especially since everything we do is online – this provides enough ammunition for hackers.
With the step above and the use of common sense, we can continue to make things difficult for hackers.
LogonBox Password Self Service