Hotmail security breach spreads as 20,000 Gmail and Yahoo! passwords are posted online.
As is quite common with the Daily Wag and Cleavage, a bit of a misleading headline.
Yes, thousands of email passwords etc., from not only Hotmail but also Yahoo, Google, AOL, Earthlink and others, have been posted online, but the information was not obtained as a result of a security breach; rather, it was obtained through hackers conducting an industry-wide ‘phishing’ campaign. Which is something quite different.
Microsoft in particular, as the owners of Hotmail, were slated by some areas of the press for lack of security, with the usual cries of, ‘oh, what do you expect, it’s Microsoft’.
The passwords and other information were not acquired as a result of a security breach but by people being fooled into providing the information themselves to fraudsters.
You see these phishing attempts on a daily basis. Emails arrive saying ‘please click here to confirm your personal details’, ‘Alert, possible security breach, please click here’ etc etc. Many of the websites you are subsequently directed to do actually look authentic, all part of the fraudsters’ game plan.
There are some simple precautions you can take to avoid being ‘had’ by these fraudsters.
- Don’t click on attachments from unknown sources. DELETE THE EMAIL WITHOUT OPENING.
- Don’t automatically assume that attachments purporting to come from people you know are ‘safe’.
- Remember that banks, credit card companies and other financial institutions will NEVER ask for personal information via email.
- Do not click on unknown links in emails. If, for example, you receive an email purporting to come from the Bank of America and it requests you to click on a link (for whatever reason), move the mouse over the link and check the URL (address) it conceals. Instead of bankofamerica.com you might see 2bankofamerica.com or even a completely different address. DELETE THE EMAIL.
- If you do decide a particular link is trustworthy and safe, copy the link and paste it into another browser window or tab.
And in general:
- Do not use the same password for all your online activities/websites. Strangely, 40% of people do fall into this category. Crack one, you crack the lot.
- Make the passwords hard(er) to crack by using all sorts of characters, the more the merrier. Avoid using only letters, as these can easily be cracked by throwing a dictionary at them.
- Don’t use birthdays etc., which, again, a lot of people do, as these are also easy to work out and one of the first things hackers try.
- Change passwords regularly.
- There is no such thing as a free lunch.
- Always be on your guard, just as in any other sphere of modern life.