I signed our family up for Disney+ the day it launched. We are big fans of Disney movies which include the classic Disney movies along with Star Wars and Marvel. When it was announced a few days later that Disney+ had been hacked and thousands of accounts were for sale on the hacking forums, I was shocked. After some investigation, I discovered that Disney+ servers had not been hacked or suffered a security breach, these accounts were part of a classic case of credential stuffing. It's something hackers have been doing with your information that is floating on the dark web. If you don't use the following steps to protect your online accounts, you may have to deal with data breaches more serious than your favorite streaming account being compromised.
The Disney+ accounts that were 'hacked', were actually compromised by a process called credential stuffing. What online criminals do is take user names and passwords that were leaked or stolen in previous data breaches and use them on online services such as email accounts, cloud storage accounts, financial accounts and of course streaming services; seeing which ones will allow you access to the account. Recent hacks for companies such as OKCuipid, Dunkin' Donuts and Nest occurred because of this process. These companies weren't hacked ... users of these services like most people use the same user name and passwords for multiple online accounts. To make matters worse, there are credential stuffing tools that can easily be obtained online that helps automates the process of checking which stolen user name and password information will log you into online accounts. These tools will do the dirty work of searching the Internet for vulnerable accounts and will alert the hacker once they are able to log in. Think for a moment if you used the same key to get into your office, your home or your car. If someone made a copy of that single key, they would have access to everything you own.
It doesn't help that cybercriminals have no shortage of data to get your online account information from. One recent hack of what's now known as Collection #1 - 5 released 2 billion user names and passwords to the hacker community. Don't forget the recent breaches of Yahoo and Linkedin. The point I am trying to make is that you need to understand your information is floating around the hacker community and when you reuse user name and passwords over and over again, it puts your personal information at risk.
Now, this doesn't mean companies are off the hook. There are still many services like Netflix and Disney+ that don't offer two-factor authentication or using captcha to differentiate between a live person or a credential stuffing program. Rather than waiting for your online services to get their act together, take matters into your own hands and follow these steps to make sure your online accounts are safe:
1. Get into the habit of using different passwords for all of your online accounts. Yes, I know you have a ton of online accounts and it's easy to use the same user name and password for all of your accounts. As you can see, hackers and cybercriminals love this practice and it puts you at risk, so stop it.
2. Go online to see if your user name and password have been part of a data breach. www.haveibeenpwned.com and www.fightingidentitycrimes.com are two awesome sites that will let you know if your information has been compromised. First, visit haveibeenpwned. Once you visit this web site, enter your email address in the search Window. Once you enter your information, this web site will let you know if your email (and password) has been part of a data breach. If you've been 'pwned' it means you need to go change the passwords to all of your online accounts. Fighting Identity Crimes lists ever data breach since 2012. There is no utility that will automatically check your account information, you can use it to see if a company you've done business with has leaked your information.
3. Use a password manager. If you struggling with remembering all of those user names and passwords for all of your online accounts, use a password manager. There are programs like Dashlane, 1Pass and LastPass, but you can also use your favorite browser such as Edge, Chrome, Opera, Firefox and Chrome to manage your user names and passwords for all of those accounts. If you're wondering if using a password manager is safe, it's as safe as the password you use to keep whatever password manager account program you use.
Credential stuffing is only going to increase in 2020 so you need to get into the habit of using different passwords for all of your online accounts. If you are using the same passwords for your online accounts, today the account that's compromised maybe your streaming account. Tomorrow it could be something worse like your email accounts or your bank and financial accounts.
Want to ask me a tech question? Send it to burton@burtonkelso.com If you prefer to connect with me on social media, you can find me on Facebook, Instagram, LinkedIn, and Twitter and watch great tech tip videos on my YouTube channel. I love technology. I've read all of the manuals and I want to make technology fun and exciting for you.
If you need on-site or remote tech support for your Windows\Macintosh, computers, laptops, Android/Apple smartphone, tablets, printers, routers, smart home devices, and anything that connects to the Internet, please feel free to contact my team at Integral. My team of friendly tech experts are always standing by to answer your questions and help make your technology useful and fun. Reach out to us a www.callintegralnow.com or phone at 888.256.0829.
If you found this post useful, would you mind helping me out by sharing it? Just click one of the handy social media sharing buttons below.