LinkedIn. Twitter. Evernote. What do these companies have in common besides their popularity? They’ve all been hacked in the last year, and had customer data stolen.
Cybercriminals attack big companies for the big prize: user account information. With email addresses and passwords in hand, they go on an account-cracking spree across the Internet, hoping that some of the users in their massive heist are using the same weak passwords on multiple sites. It’s likely some of your accounts have already been swept up in data breaches like this.
If the hackers are lucky, they might gain other profitable information like addresses, phone numbers, and credit card numbers. They could gain access to your email and turn it into a spam generator, or they could commandeer your Facebook account and send pay-per-click scams to your friends. Everything they do with your data is money in their pockets.
The popularity of sites like LinkedIn, Twitter, and Evernote makes them juicy targets. The 2012 LinkedIn attack alone netted over 6 million passwords.
Dealing with one hacked account is straightforward: you report it to the site in question and they reset it, presuming you’re the owner. But what if the site itself is hacked and thousands of accounts stolen? How do you know if yours is one of them and what should you do about it?
If a site you use is compromised, you should immediately reset your password. It doesn’t matter whether your account was part of the breach or not. Your primary defense is making all of your passwords strong and unique on every site. Modern security advice says that passwords should be 12 characters or longer with a mix of letters, numbers, and symbols. You’ll find out more about secure passwords on my Tech Tips blog.
Stay informed about the company’s efforts, but be warned that scammers are quick to jump on such news themselves. After the LinkedIn breach, people were inundated with spam emails that pretended to be password resets from LinkedIn. Never click on links in email. Instead, type the site’s address into your browser.
The breached company will provide information for customers. Sometimes they aren’t as smart about security as we’d like, and send out real password reset emails that get mixed in with the spammy ones. Even if the company tells you to click an emailed link, visit the site directly, just in case.
Follow best security practices at home and at work. Reliable antivirus and frequent software updates will maintain your defenses. It’s vital that you use a current version of your web browser (Internet Explorer, Firefox, Safari, Chrome). Old versions have bugs that are easily exploited by criminals. You also need to update helper programs like Flash and Adobe Reader.
Keep an eye on bank account statements and credit reports, and act quickly on any anomalies. Pass this information along to your friends and colleagues, too.
You can’t rely on big companies to protect your accounts for you, nor can you afford to ignore the potential nightmares of identity theft and financial fraud. But if you take some time to reinforce your security, and know what to do in case of emergency, you’ll be prepared.
• Triona Guidry is a freelance writer and IT specialist. Her Tech Tips blog (http://www.guidryconsulting.com/techtips) offers computer help and social media advice. She can be reached at firstname.lastname@example.org or via Twitter @trionaguidry.