Any of your passwords, be it for email, social networks or online banking, holds value for cybercriminals, because almost any stolen account can be used in fraud schemes. It’s no wonder password theft is so widespread nowadays. Sometimes thieves steal passwords directly from major companies’ servers, and sometimes they steal from end users’ machines. Security researchers recently discovered a major database containing about two million passwords collected by the Pony botnet. The malware associated with this botnet infects a computer, gathers all available (saved) passwords from web browsers, email and FTP clients, and sends all the data to cybercriminals, using proxy servers to hide the final destination.
In this most recent hack, criminals gathered passwords for the following major services: Facebook, Yahoo, Gmail, Twitter, LinkedIn and the Russian social networks Odnoklassniki and Vkontakte.
Considering the large scale of this incident, users of the above-mentioned services should think about whether or not their passwords are still safe.
In order to have your Gmail or Facebook account stolen, it’s not necessary to become the target of a malware attack. Maybe you’ve just checked your inbox using a friend’s PC or a public terminal in a hotel or an airport. If that PC was infected, one of your passwords is now in the possession of a hacker. This is unpleasant enough by itself, but the problem becomes even worse if you have a habit of re-using the same password for multiple online services. It doesn’t take a genius to try the login and password combination alex@gmail-com / 123456 on Facebook or Twitter as well. Unfortunately, this works way too often. According to a survey conducted by B2B International this summer, 39% of users rely on only a handful of passwords to access all of their accounts, i.e. the same password is used on multiple sites.
As password theft happens more often, this habit has become even more dangerous, especially if you consider that your daily routine now includes persistent access to financial transactions – from classical online banking to fund transfers using Gmail attachments. That’s why a seemingly innocent Twitter password theft might eventually lead to the loss of real money.
To sort this out, all of us must take one important step – change your old passwords, making sure that each online account is protected with its own unique password. If you have a hard time remembering multiple passwords, you can use special software such as a password manager, which stores your passwords in encrypted form. The luxury of re-using the same password over and over again is now a part of “the good old Internet times”. To avoid further password theft, follow the advice of Aleks Gostev, Chief Security Expert at Kaspersky Lab:
- Use a robust antivirus.
- Update software on a regular basis. Pay special attention to updating Windows, your web browser, and popular apps used to view PDFs, Flash and Java applets.
- Always remember safety. If a user gets a link from a friend who never sends him anything, or the friend sends something that the user would never expect to receive from him/her, this should raise suspicion. It’s better to ask the friend personally and thus find out whether his/her account was hacked or not.
- One should pay attention to links – the domain name of a popular web resource may contain extra symbols, or some letters may be different. This is the first sign of being redirected to a malicious phishing website. Avoid accepting friend requests from people you don’t know, and don’t follow suspicious links in general.
- Develop complex passwords, unique to every one of your accounts. By the way, you can test your password reliability using our online service.
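The two habits the advice above targets, weak passwords and re-using one password across services, can both be checked mechanically. The script below is an added example written for this page; it is not Kaspersky’s online service and not code from the original post. It assumes a constructed list of made-up (service, username, password) tuples and a small constructed list of common passwords (including the 123456 mentioned earlier), estimates an optimistic entropy figure for each password from its length and character classes, and reports every account whose password is common, low-entropy, or shared with another service.

```python
import math
from collections import defaultdict

# Constructed sample: made-up credentials for illustration only, not real accounts.
SAMPLE_ACCOUNTS = [
    ("gmail", "alex", "123456"),
    ("facebook", "alex", "123456"),
    ("twitter", "alex", "123456"),
    ("bank", "alex", "correct-horse-battery-staple-2013"),
    ("forum", "alex", "Password1"),
]

# Constructed, deliberately tiny list of very common passwords. A real check would
# use a large breach-derived list; the page's 123456 example is included here.
COMMON_PASSWORDS = {"123456", "password", "12345678", "qwerty", "abc123", "password1"}


def charset_size(password: str) -> int:
    """Approximate the alphabet a guesser would have to search, by character class."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33  # printable ASCII punctuation
    return size


def entropy_bits(password: str) -> float:
    """Upper bound on guessing entropy: log2(charset ** length).

    Dictionary words and keyboard patterns are far weaker than this number
    suggests, so treat it as optimistic; the common-password check catches
    the worst of those cases.
    """
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


def find_reuse(accounts):
    """Map each password to the services where it is used; keep only repeats."""
    by_password = defaultdict(list)
    for service, _user, password in accounts:
        by_password[password].append(service)
    return {pw: svcs for pw, svcs in by_password.items() if len(svcs) > 1}


def audit(accounts, min_bits=60):
    """Return (service, problem) findings for common, low-entropy or reused passwords."""
    findings = []
    reused = find_reuse(accounts)
    for service, _user, password in accounts:
        if password.lower() in COMMON_PASSWORDS:
            findings.append((service, "common password"))
        elif entropy_bits(password) < min_bits:
            findings.append((service, "low entropy"))
        if password in reused:
            others = ", ".join(s for s in reused[password] if s != service)
            findings.append((service, "reused on " + others))
    return findings


if __name__ == "__main__":
    for service, problem in audit(SAMPLE_ACCOUNTS):
        print(f"{service}: {problem}")
```

The reuse check is the one that matters most for the incident described above: a password that is unique to one service limits the damage of that service (or a shared PC) being compromised, whereas the same password on Gmail, Facebook and Twitter turns one theft into three. The entropy estimate is intentionally simple; a password manager’s generator sidesteps the question entirely by producing long random strings.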