Change your passwords.
In 2012, the extremely popular professional networking site LinkedIn was hacked. Originally, the estimate on compromised passwords was around 6.5 million. That figure isn’t small, but this May, LinkedIn publicly acknowledged that 117 million passwords were actually compromised in the attack. CNN reports that hackers have been selling the exposed data from the attack on the black market.
A number of Facebook CEO Mark Zuckerberg’s social media accounts were hacked earlier in June. VentureBeat says the group claiming responsibility for these attacks credits information from the LinkedIn breach as the crowbar they used to pry open the internet titan’s other accounts. Twitter, LinkedIn, MySpace, Tumblr, Adobe, and GitHub have all been hacked (or were revealed as having been hacked years ago) in recent months, and information exposed in these hacks ranges from inconsequential to dangerous and personally identifiable.
Luckily, there are helpful people out there who want to make sure that those affected by hacks have a chance to find out. Have I Been Pwned is a site that can tell you if a given username or email address has had credentials associated with it dumped as part of a hack. You type in the username or email in question and the site queries a database of leaked account information. Users can even sign up for email notifications that fire if their credentials turn up in a later dump.
It does not matter how insignificant news outlets may make a hack seem. It can come out three years later that almost all the users of the service in question were affected. Corporations have proven that they are only nominally committed to protecting customer data, or that their protections are so ineffective as to be nonexistent. Until corporations can truly secure themselves before asking users to trust them with data, it is up to you to do everything in your power to keep yourself and your data safe on the internet.
You start with strong passwords.
Rule #1 is to use a different password on every single service you sign up for. If a single site holding a “master password” is hacked, all of your accounts are in danger. Scale your passwords so that the important ones are the longest and hardest to remember, and the passwords for the services with the least important data are the easiest to remember. You can also keep a record of your passwords, but not in a document on your computer. Services like LastPass are good to use because you only need to actively remember one master password, but you can also write passwords down on paper so long as you physically secure them in a firebox or other safe place. Always enable two-factor authentication when it is available. Do not use single words from the dictionary or common phrases as passwords. Create mnemonic patterns that will help you memorize your passwords, or create nonsense sentences to use as passwords (like “400 browbeaten meerkats catered”). At the very least, make all of your passwords longer than twelve characters. Automated brute-force tactics have become so sophisticated that anything shorter is trivial to crack.
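To make the guidance above concrete, here is an added example (not code from this post or from Ackerman’s guide) that generates a nonsense passphrase in the “400 browbeaten meerkats catered” style from the operating system’s secure random source, works out how many bits of guessing space such a passphrase has compared with a short single-word password, and checks a candidate against the rules stated in the paragraph. The sixteen-word list is constructed for the demo (a real generator would use a list of several thousand words), and the ten-billion-guesses-per-second cracking rate is an assumed figure used only to illustrate the scale.

```python
import math
import secrets

# Constructed word list for the demo. A real passphrase generator would draw
# from a list of several thousand words, which is what makes each word worth
# many bits; with only 16 words each one is worth just log2(16) = 4 bits.
WORDS = ["browbeaten", "meerkats", "catered", "lantern", "quartz", "pelican",
         "mossy", "tundra", "velvet", "harbor", "cinder", "juniper",
         "oatmeal", "saffron", "gadget", "trellis"]


def generate_passphrase(word_count=4, words=WORDS, max_number=999):
    """Build a nonsense passphrase such as '400 browbeaten meerkats catered'.

    secrets.randbelow/secrets.choice use the OS CSPRNG; the random module's
    default generator is predictable and must not be used for passwords.
    """
    number = secrets.randbelow(max_number + 1)
    chosen = [secrets.choice(words) for _ in range(word_count)]
    return f"{number} " + " ".join(chosen)


def passphrase_entropy_bits(word_count, wordlist_size, max_number=999):
    """Bits of guessing space when every word and the number are drawn uniformly."""
    return word_count * math.log2(wordlist_size) + math.log2(max_number + 1)


def charset_entropy_bits(length, charset_size):
    """Bits of guessing space for a random string of `length` symbols."""
    return length * math.log2(charset_size)


def years_to_exhaust(bits, guesses_per_second=1e10):
    """Time to try every combination at an assumed guessing rate (illustrative)."""
    seconds = 2 ** bits / guesses_per_second
    return seconds / (365 * 24 * 3600)


def check_password_rules(password, dictionary=frozenset(WORDS), already_used=frozenset()):
    """Return the rules from the post that the candidate password breaks."""
    problems = []
    if len(password) <= 12:                      # must be longer than twelve characters
        problems.append("shorter than thirteen characters")
    if password.lower() in dictionary:           # no single dictionary words
        problems.append("single dictionary word")
    if password in already_used:                 # one password per service
        problems.append("reused on another service")
    return problems


if __name__ == "__main__":
    candidate = generate_passphrase()
    print("generated:", candidate, "->", check_password_rules(candidate) or "passes all rules")
    print("single word 'meerkats' ->", check_password_rules("meerkats"))
    for label, bits in [("8 lowercase letters", charset_entropy_bits(8, 26)),
                        ("12 lowercase letters", charset_entropy_bits(12, 26)),
                        ("4 words from a 7776-word list + number",
                         passphrase_entropy_bits(4, 7776))]:
        print(f"{label}: {bits:.1f} bits, ~{years_to_exhaust(bits):.2e} years at 1e10 guesses/s")
```

Running it shows why the post insists on length: eight lowercase letters give under 38 bits and fall at the assumed rate in seconds, twelve give about 56 bits, and four words from a few-thousand-word list plus a number pass 60 bits even though every word is ordinary English. The check function is deliberately limited to the three rules the post states; it is not a general strength meter.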
As it grows, the internet is becoming wilder and more dangerous. Cybercrime has boomed into a global industry, and no wonder. We’re storing more data on the internet than ever; we’re more vulnerable on the web than we’ve ever been. That’s exactly why, as we face the possibility of future intrusions and attacks, it’s paramount that we properly defend ourselves and our data.
Big thanks to Devon Ackerman. The password creation guidelines above are based on his Personal Home Technology Security Plan posted on LinkedIn, and his guide also includes tips for securing your home wifi network and more. For anyone who uses computers on a daily basis, Ackerman’s guide is worth reading. It’s expressly not meant as a full-scale corporate security guide, but it will help you put a wall between your own data and the bad guys.