Passwords Leaked...Again

Jane-Michele Clark
Director of Business Strategy
Cybersecurity

Estimated reading time: 3 min


March 1, 2023

July 14, 2025


Once again, headlines are screaming about data breaches that hit close to home.

Yesterday’s Globe & Mail story, “My data got leaked in Indigo’s ransomware attack, years after I left,” hit a little too close to home for me, as both my daughters worked there throughout high school – and we all spent far too much money with this retailer. We still do! So yes, I was changing passwords last night and getting my girls to do so, too.

Unfortunately, this is not an unusual situation these days, but it truly underscores the need for regularly scrutinizing data protection policies and practices – and for ensuring that software is up to date, and that patches are pushed out regularly and properly installed.

Last month (February 2023), Eye4Fraud, which uses a proprietary AI system and Dynamic Scoring technology to help online retailers avoid inadvertently accepting fraudulent and/or stolen credit cards, was hacked. Over 16 million accounts, including customers of retailers using this application, were impacted. Data from the breach, which included names, email addresses, physical addresses, phone numbers and partial credit card data (type of card and the last four digits on the card), appeared in 147 different tables on the dark web. Many Canadian credit card holders are among the victims.

Our advice: Change your network passwords ASAP. As you know, we don’t normally say this, but with 150+ significant breaches since the beginning of this year involving popular retailers and other commonly used sites, we feel that it’s only prudent.

What advice can you give your colleagues and employees?

  1. Change your passwords regularly and do not store them on your electronic devices. It goes without saying that passwords should not be written down and displayed – yet we actually saw that in practice when visiting an office recently!
  2. Ensure the password is at least 10 characters long and contains a number, a symbol, an upper case and a lower case letter – and that these letters do not create a word.
  3. Avoid using the same password twice. Having variations on a theme, even if unique to you, is also imprudent. Doing so will leave you vulnerable to credential-stuffing attacks.
  4. Consider using a password vault or a password manager to generate and manage strong, unique passwords for your online accounts.
  5. Monitor your credit score and check for unusual activity in your junk folder, too.
  6. Regularly check to see if your email address has been compromised by using tools specifically designed for that purpose.
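
A small checker for rules 2 and 3 above, as an added example that is not part of the original post. The wordlist, the substitution table and the function names are assumptions made for illustration, and the earlier passwords are the ones a user types in at change time, not a stored history.

```python
import re
import string

# Constructed sample wordlist; a real check would load a full dictionary.
WORDS = {"password", "welcome", "summer", "indigo", "dragon", "monkey"}
# Common look-alike substitutions, mapped back to letters.
LEET = str.maketrans("0134578@$!", "oieastbasi")

def skeleton(pw):
    """Reduce a password to its 'theme'.

    Drops an appended counter, year or symbol run, undoes look-alike
    substitutions and keeps letters only. This is a heuristic.
    """
    core = pw.rstrip(string.digits + string.punctuation)
    return re.sub(r"[^a-z]", "", core.lower().translate(LEET))

def check_password(pw, previous=()):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    if len(pw) < 10:
        problems.append("shorter than 10 characters")
    classes = {
        "a number": r"\d",
        "a symbol": r"[^A-Za-z0-9]",
        "an upper case letter": r"[A-Z]",
        "a lower case letter": r"[a-z]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, pw):
            problems.append(f"missing {name}")
    theme = skeleton(pw)
    if any(word in theme for word in WORDS):
        problems.append("letters form a dictionary word")
    for old in previous:
        if pw == old:
            problems.append("reuses an earlier password")
        elif theme and theme == skeleton(old):
            problems.append("variation of an earlier password")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("Summer2023!", "q7#Lm2vX!c9Rt"):
        print(candidate, check_password(candidate))
    print(check_password("Bl9e-Harbor#2024", previous=["Bl9e-Harbor#2023"]))
```

A password such as `Summer2023!` meets every length and character-class requirement and still fails, which is why rule 2 adds the dictionary-word condition.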

One of the tools you can use to check your email is: https://haveibeenpwned.com/. I checked last night and found that account details associated with my email address had been leaked in 20 separate breaches – including those of Dropbox, Twitter, LinkedIn, Bitly, and Animoto (which my students introduced me to for video-creation). Scarier than that: I did not recognize the names of the other sites that had login credentials associated with my email account.

Another of the reasons why I was changing passwords last night!

If you are concerned, you can go to: haveIbeenpwned.com, or call us to learn about a tool you can use to quickly and easily determine if the email address of anyone in your organisation is at risk.

If you are interested, or disconcerted by what you find on https://haveibeenpwned.com/ (because we all know you’re going to check), please reach out so that we can provide you with a free trial: [email protected] or call us at 416.429.0796 or 1.877.238.9944 (toll free).

We look forward to hearing from you – but hopefully not because you learn that you and/or your organisation has been egregiously compromised!

Fingers crossed.
