April 30, 2013
Rise in Global Hacking Attacks Shines Light on Weak Site Security, Poor Password Choices
This is the second time this year that e-mail accounts of the world’s third largest e-mail service provider have been compromised by spammers.
According to a U.K. news channel, Yahoo users are again reporting their accounts have been hacked — and, apparently, the same technique used in March is being deployed again. The hacker uses the compromised accounts to send spam to everyone in the account holder’s contacts folder. In most cases, the spam was a link to a financial scam site.
The U.K.’s Channel 4 News has reported the hacker is based in Russia and is an experienced cyber-criminal.
Yahoo, in response to the latest attack, released the same statement as the one in March: “We take data protection very seriously and are currently investigating reports that some Yahoo Mail accounts may have been compromised. As part of normal account security processes, if we detect suspicious activity we act to secure the account and prompt users to change their passwords.”
The technology company has refused to comment on the obviously ongoing security issues with its e-mail program or on whether it is considering adding two-factor authentication to thwart future attacks.
With two-factor authentication — also known as two-step verification — users must enter their password and a verification code. The code is usually sent to the user’s phone via text, voice call, or mobile app.
During sign-in, the user often can request the service no longer ask for a verification code on that particular computer. From that point on, only the user’s password will be required. However, if the user or someone else tries to sign in from a different computer, a verification code will be required to gain access to the account.
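The sign-in flow described above can be sketched in a few lines of Python. This is an added example, not code from Yahoo or any other provider; the class name, method names, status strings and the six-digit code format are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class TwoStepSignIn:
    """Toy model: password + verification code, with remembered computers."""

    def __init__(self):
        self._users = {}    # user -> (salt, PBKDF2 hash of password)
        self._trusted = {}  # user -> SHA-256 hashes of remembered-computer tokens
        self._pending = {}  # user -> verification code awaiting entry

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, self._kdf(password, salt))
        self._trusted[user] = set()

    def sign_in(self, user, password, device_token=None, code=None, remember=False):
        """Return (status, token); token is set only when a computer is remembered."""
        if user not in self._users:
            return "denied", None
        salt, stored = self._users[user]
        if not hmac.compare_digest(stored, self._kdf(password, salt)):
            return "denied", None  # the password is always required
        if device_token is not None:
            digest = hashlib.sha256(device_token.encode()).hexdigest()
            if digest in self._trusted[user]:
                return "ok", None  # remembered computer: no code asked
        expected = self._pending.pop(user, None)  # each code is single use
        if code is None or expected is None or not hmac.compare_digest(
                code.encode(), expected.encode()):
            # Unknown computer, or missing/wrong code: issue a fresh one.
            # A real service would deliver it by text, voice call or app.
            self._pending[user] = f"{secrets.randbelow(10**6):06d}"
            return "code_required", None
        if not remember:
            return "ok", None
        token = secrets.token_urlsafe(32)  # stored by the browser, e.g. in a cookie
        self._trusted[user].add(hashlib.sha256(token.encode()).hexdigest())
        return "ok", token
```

Because the service keeps only a hash of each remembered-computer token, a stolen password alone still triggers the code prompt from any other machine, and clearing the stored hashes forces every computer back through verification.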
As hacking becomes more and more prevalent, e-mail providers and social media sites alike are urging their users to follow good password practices.
Most sites recommend passwords be at least 10 characters and include upper and lower case characters, numbers and symbols.
Using tricks to make memorizing passwords easier, such as re-using passwords on multiple accounts or using patterns, simply makes them easier to infiltrate.
According to a Deloitte Canada report, more than 90 percent of user-generated passwords — including the ‘strong’ passwords — will be vulnerable to hackers in a matter of seconds.
SplashData, a provider of password management applications, suggests using passwords with mixed types of characters, for instance: “car_park_city?”
The firm released a list of the 25 worst passwords of 2012 earlier this year. It was assembled using information hackers have posted online as “stolen passwords.”
Here is the list:
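| # | Password | Change from 2011 |
|---|----------|------------------|
| 1 | password | Unchanged |
| 2 | 123456 | Unchanged |
| 3 | 12345678 | Unchanged |
| 4 | abc123 | Up 1 |
| 5 | qwerty | Down 1 |
| 6 | monkey | Unchanged |
| 7 | letmein | Up 1 |
| 8 | dragon | Up 2 |
| 9 | 111111 | Up 3 |
| 10 | baseball | Up 1 |
| 11 | iloveyou | Up 2 |
| 12 | trustno1 | Down 3 |
| 13 | 1234567 | Down 6 |
| 14 | sunshine | Up 1 |
| 15 | master | Down 1 |
| 16 | 123123 | Up 4 |
| 17 | welcome | New |
| 18 | shadow | Up 1 |
| 19 | ashley | Down 3 |
| 20 | football | Up 5 |
| 21 | jesus | New |
| 22 | michael | Up 2 |
| 23 | ninja | New |
| 24 | mustang | New |
| 25 | password1 | New |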