It seems that people are truly shocked when their identities get exposed, and the vast majority use the same single password for ALL of their online accounts. That’s just crazy!
A ‘kind-hearted’ hacker recently exposed a bunch of online accounts (with passwords) to gain himself more status in a hacker forum (l33t sk1llz dudebro!).
WHEN Australian web users learned from the Herald that details of their online accounts had been posted on a hacker’s website for all to see, they were suspicious, then alarmed, then furious at the hacker who compromised their identities.
Email addresses, matched with user names and passwords for online memberships, were offered by the hacker for anyone wanting to try their hand at identity theft or even financial fraud.
The Herald stumbled across the site during its investigations into online fraud. “It’s obviously startling,” said Lachlan Yee, a research associate in biotechnology at the University of NSW and one of those whose details were exposed by the hacker.
Identity fraud is big business now and generally online info is hot, if you have someones e-mail address and general password…you can withdraw all their money from Paypal for example.
You may be able to login into their online bank account if the details are contained in their e-mail and so on.
There are endless possibilities for the creative.
Many of the accounts were generic accounts for Hotmail, Yahoo! and Gmail. But more than 50 were clearly Australian-based, and all were alerted to the breach. “To be honest the whole thing has me a bit spooked,” said one victim, Jonathan Eyles.
“They definitely got me,” said Eyles, a graphic designer in Ultimo. He said the compromised password had been used for many purposes, although online banking was not one of them.
A Victorian man who asked that only his first name, Ben, be used, said he would need to change passwords for about 20 sites because of the breach.
If people want a solution I suggest they use something like this – passhash – they can still have one secure, strong master password but then have unique hashed passwords for every site they use.
This has the advantage that if one site is compromised (and they aren’t using hashed passwords in the DB – it’s stored in plaintext) the hacker won’t have your password to every site as they will all be unique.
Source: Sydney Morning Herald (Thanks Morgan)