Another Email Hack: Should We Worry?

Each time a major email service or social media platform gets hacked, the incident generates exciting headlines in the media. But behind the hype there’s a very real tale of anxiety for all the users concerned.

 

Has vital information been stolen or compromised? Are funds being siphoned off, into the hands of criminals – who now have control over critical user accounts? Have reputations been ruined?

 

With a serious enough data breach, any or all of these scenarios are possible. And the nightmare stories just keep coming…

In Recent Days…

Earlier this month, Reuters disclosed the news that a young Russian hacker claimed to have pulled off a massive data breach, involving usernames and passwords extracted from the likes of Hotmail, Gmail, Yahoo, and the Russian service Mail.ru (which was the principal target). Some data was also heisted from large commercial organisations in the U.S., including firms in the manufacturing, retail, and banking industries.

And Not So Recently…

On May 18th, The Hacker News founder Mohit Kumar reported on another breach, this time involving “the professionals’ social media network”, LinkedIn. The story was actually a follow-up to an assault on the platform which occurred in 2012 – but the full extent and potential repercussions of the incident are only now being disclosed.

What’s the Damage?

In the Reuters incident, the young hacker known as “The Collector” has laid claim to some 1.17 billion stolen credentials. Of these (comprising 272 million unique IDs, according to Alex Holden, founder and chief information security officer of Hold Security), around 40 million (or roughly 15%) are from Yahoo Mail, 33 million (about 12%) from Microsoft Hotmail, and approximately 24 million (9%) stem from Gmail accounts.

 

The LinkedIn breach of 2012 netted its alleged perpetrator (also of Russian origin, and nicknamed “Peace”) the confidential information of around 117 million users of LinkedIn, including hashed passwords and email account details.

And the Cost?

“The Collector’s” haul of purloined data has worked out fairly cheaply: After initially demanding a ransom of 50 rubles (less than one U.S. dollar, at today’s exchange rates) from the Hold Security researchers he contacted, the youngster was eventually willing to settle for a shout-out on social media, in exchange for the 10 Gb of compressed data that was finally released.

 

By contrast, the LinkedIn breach has the potential to cost the company quite a bit.

 

For starters, “Peace” is reportedly selling the stolen credentials for 5 Bitcoins (around $2,200) on the Dark Web’s notorious sales platform, “The Real Deal”. And in 2015, LinkedIn paid out some $1.25 million to settle a class action lawsuit in respect of the U.S. citizens counted among the 6 million victims of the breach who were known of in 2012.

 

With the true number of victims now confirmed at over 110 million LinkedIn accounts (some figures suggest as many as 167 million unique accounts), the class action bill that LinkedIn faces could exceed $15 million (assuming that 30% of those accounts are U.S. citizens). To say nothing of the reputational damage that’s already been done to the LinkedIn brand, as a result of their perceived vulnerability to attacks.

But the Potential Cost to You…

The same damage may result, if you or your organisation become a victim of a successful email or user account hack. With stolen credentials being openly traded to the highest bidder, there’s scope for vital (and potentially embarrassing) information to wind up in the hands of criminal networks, corporate rivals, malicious pranksters, and identity thieves.

So Take Steps to Avoid It

It may not be inevitable, but in today’s cyber-threat environment, the chances of falling prey to email account hackers are definitely on the rise. Here are some tips on how to stave off that day:

 

· Use Complex Passwords: If they’re difficult for you to remember, chances are they’re difficult for someone else to hack. Strong passwords typically have a minimum length of 10 characters, with a mix of lower and uppercase letters, numerals, and punctuation symbols.

 

· Unique Accounts? Unique Passwords: Use a different (strong) password for each user account that you have. If you’re using common passwords across multiple accounts or platforms, a hacker may gain access to all of your profiles, in the event that your credentials are stolen.

 

· Use Complex Usernames: You don’t have to do the logical thing, when creating your user profile for an email or social media account, and use your proper name. Your username could be a personal catchphrase, or strong password-style mix of characters. This adds an extra layer of complexity to your account profile, as a whole.

 

· Use Multi-Level Authentication: Many networks now give you the option of logging in by using your username and password in conjunction with an additional stage such as entering a text message code received on your registered mobile phone number, a smart card PIN, or a randomly generated sequence from a smart key fob. Again, this is added protection, and well worth considering.

 

· Treat Unsolicited emails and Attachments with Great Caution: Phishing is still a favourite pastime for many a hacker, and bogus links or malware-laden attachments are an ongoing threat. If you receive a suspicious message from a previously trusted source, phone them or speak to them in person about the message before opening, to confirm that they actually sent it.

 

· Keep Backups of Your Data: And store them in a secure location. This can include copies of vital emails, documents, and business-critical information. But DON’T store your passwords or user credentials on a hard drive or removable medium that may be easily located and hacked.

 

· Use Spam Filters and Up-to-date Anti-virus Software: And keep your Web browsers regularly updated, to enjoy the protection of the latest security tools and patches.

 

· Stay Informed: Do online research, and/or subscribe to security forums and threat intelligence networks, to keep abreast of the latest threats and technologies.
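
The first two tips above (complex passwords, and a different password for each account) can be checked mechanically. The following Python is an added example, not part of the original article: it audits a constructed inventory of hypothetical accounts against the 10-character, four-class rule and flags any password shared between accounts, comparing keyed digests rather than plaintext. The account names, sample passwords and the use of string.punctuation as the set of "punctuation symbols" are assumptions.

```python
import hmac
import os
import string

MIN_LENGTH = 10  # minimum length stated in the tip
# Classes named in the tip; using string.punctuation is an assumption.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "numeral": string.digits,
    "punctuation": string.punctuation,
}

def complexity_gaps(password):
    """List the ways a password falls short of the tip's rule."""
    gaps = []
    if len(password) < MIN_LENGTH:
        gaps.append("shorter than %d characters" % MIN_LENGTH)
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            gaps.append("no %s character" % name)
    return gaps

def audit(accounts):
    """Return {account: [findings]} covering complexity and reuse."""
    key = os.urandom(32)  # per-run key: group by keyed digest, not plaintext
    groups = {}
    for account, password in accounts.items():
        tag = hmac.digest(key, password.encode("utf-8"), "sha256")
        groups.setdefault(tag, []).append(account)
    findings = {account: complexity_gaps(pw) for account, pw in accounts.items()}
    for names in groups.values():
        for name in names:
            others = sorted(n for n in names if n != name)
            if others:
                findings[name].append("reused on: " + ", ".join(others))
    return findings

# Constructed sample inventory: hypothetical accounts and passwords.
SAMPLE = {
    "mail": "Tr1cky-Harbour!92",
    "social": "Tr1cky-Harbour!92",
    "bank": "sunshine2016",
    "forum": "q7#Lm)vR2x&Kd",
}

if __name__ == "__main__":
    for account, issues in audit(SAMPLE).items():
        print(account, "->", issues or "ok")
```

A password that passes the complexity rule is still flagged when it appears on a second account, which is the situation the second tip warns about: one stolen credential opening several profiles.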

Des Nnochiri has a Master’s Degree (MEng) in Civil Engineering with Architecture, and spent several years at the Architectural Association, in London. He views technology with a designer’s eye, and is very keen on software and solutions which put a new wrinkle on established ideas and practices. He now writes for markITwrite across the full spectrum of corporate tech and design. In previous lives, he has served as a Web designer, and an IT consultant to The Learning Paper, a UK-based charity extending educational resources to underprivileged youngsters in West Africa. A film buff and crime fiction aficionado, Des moonlights as a novelist and screenwriter. His short thriller, “Trick” was filmed in 2011 by Shooting Incident Productions, who do location work on “Emmerdale”.

