
The Cyber Attack You’re Probably a Victim of

Data breaches are a constant and growing threat that commonly affects the general public, yet many users mistakenly assume a breach would have little to no impact on them unless they were a notable figure worth targeting. Unfortunately, this is not the reality: data breaches have huge implications for regular people almost every day.

A report published by Google outlines that 65% of internet users reuse the same password across multiple, if not all, accounts. Most of us have read about best practices for managing passwords, and never reusing the same password is among them. But what implications does reusing passwords have? Is it likely to affect me?

Reusing passwords can have serious consequences not only for important figures, but also for everyday users. Most commonly, it leaves users vulnerable to a specific type of attack: credential stuffing.

Credential stuffing is a type of cyber-attack where login credentials obtained from a data breach on one service are used to log in on another, entirely unrelated service. This type of attack is widespread and continues to plague users because of breached credentials available on hacker forums.

For example, suppose a user had an account on Yahoo, which was breached in 2017, and had their credentials leaked as part of a 3 billion user account list. A hacker would then use software to attempt to log in to Netflix with these 3 billion account credentials. Because this particular user uses the same password across multiple websites, the hacker gains unauthorized access to their Netflix account.
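From the side of the service being targeted, this pattern has a recognisable shape in login logs: one source tries many different accounts about once each, unlike password guessing, which hammers a few accounts repeatedly. The sketch below is an added example, not part of the original article; the event format, thresholds, function names and sample data are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events: (source_ip, username, outcome). Not real data.
SAMPLE_EVENTS = (
    [("203.0.113.7", f"user{i}@example.com", "fail") for i in range(40)]
    + [("203.0.113.7", "alice@example.com", "success")]
    + [("198.51.100.9", "bob@example.com", "fail")] * 30
    + [("192.0.2.4", "carol@example.com", "fail"),
       ("192.0.2.4", "carol@example.com", "success")]
)

def classify_sources(events, min_attempts=20, stuffing_ratio=0.8):
    """Label each source IP by the shape of its login traffic.

    Hypothetical thresholds: a source is judged only after `min_attempts`
    attempts, and is called stuffing when at least `stuffing_ratio` of its
    attempts each target a different username.
    """
    attempts = defaultdict(int)
    failures = defaultdict(int)
    usernames = defaultdict(set)
    for ip, user, outcome in events:
        attempts[ip] += 1
        usernames[ip].add(user.lower())
        if outcome == "fail":
            failures[ip] += 1

    verdicts = {}
    for ip, total in attempts.items():
        if total < min_attempts or failures[ip] / total < 0.5:
            verdicts[ip] = "normal"
        elif len(usernames[ip]) / total >= stuffing_ratio:
            # Many accounts, about one guess each: leaked pairs being replayed.
            verdicts[ip] = "credential_stuffing"
        else:
            # Few accounts, many guesses each: password guessing.
            verdicts[ip] = "brute_force"
    return verdicts

def accounts_to_reset(events, verdicts):
    """Usernames that logged in successfully from a source flagged as stuffing."""
    return sorted({user.lower() for ip, user, outcome in events
                   if outcome == "success"
                   and verdicts.get(ip) == "credential_stuffing"})

if __name__ == "__main__":
    verdicts = classify_sources(SAMPLE_EVENTS)
    print(verdicts)
    print(accounts_to_reset(SAMPLE_EVENTS, verdicts))
```

Grouping by source IP is itself an assumption: traffic spread across many addresses would need a different grouping key, which is why the per-account defences listed further down still matter.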

The prevalence and success of these attacks is most alarming. On one dark web forum, there are hundreds of ‘account shops’, all of which offer the sale of working accounts for a variety of services, such as Netflix, Spotify or Disney Plus, for as little as $0.50.

Hacker forum advertising stolen accounts for sale
An account shop selling working logins to services for under $1.

In some cases, becoming a victim of this type of attack would result in several unauthorised users using your Netflix account without your knowledge. However, in more serious cases, an unauthorised user would charge hundreds of dollars to purchase products using your stored credit card information, which was the case in a recent round of credential stuffing attacks on Roku.

Protecting yourself from this type of attack requires several proactive strategies, all of which would prevent it entirely.

  1. Use strong and unique passwords. Avoid using the same password across different sites, and consider using a password manager to aid in this process.
  2. Enable Multi-Factor Authentication (MFA). MFA adds an extra layer of security to your account, disallowing access with just a valid password.
  3. Regularly update your passwords. You should do this immediately if you suspect they have been compromised.
  4. Monitor account activity. Enable alerts for suspicious behaviour if possible.

You can see a list of the data breaches you are a part of by using a service such as HaveIBeenPwned.

Putting security ahead of convenience is becoming increasingly vital as every aspect of our lives becomes digital, be it banking or healthcare. As more personal and sensitive information is stored online, prioritizing security, even when it requires more effort, is paramount to avoiding becoming a victim of cyber-crime and the long-lasting consequences that come with it.
