[ad]<\/p>\n
It seems that people are truly shocked when their identities get exposed, and the vast majority use the same single password for ALL of their online accounts. That’s just crazy!<\/p>\n
A ‘kind-hearted’ hacker recently exposed a bunch of online accounts (with passwords) to gain himself more status in a hacker forum (l33t sk1llz dudebro!).<\/p>\n
WHEN Australian web users learned from the Herald that details of their online accounts had been posted on a hacker’s website for all to see, they were suspicious, then alarmed, then furious at the hacker who compromised their identities.<\/p>\n
Email addresses, matched with user names and passwords for online memberships, were offered by the hacker for anyone wanting to try their hand at identity theft or even financial fraud.<\/p>\n
The Herald stumbled across the site during its investigations into online fraud. “It’s obviously startling,” said Lachlan Yee, a research associate in biotechnology at the University of NSW and one of those whose details were exposed by the hacker.<\/p><\/blockquote>\n
Identity fraud is big business now and generally online info is hot, if you have someones e-mail address and general password…you can withdraw all their money from Paypal for example.<\/p>\n
You may be able to login into their online bank account if the details are contained in their e-mail and so on.<\/p>\n
There are endless possibilities for the creative.<\/p>\n
Many of the accounts were generic accounts for Hotmail, Yahoo! and Gmail. But more than 50 were clearly Australian-based, and all were alerted to the breach. “To be honest the whole thing has me a bit spooked,” said one victim, Jonathan Eyles.<\/p>\n
“They definitely got me,” said Eyles, a graphic designer in Ultimo. He said the compromised password had been used for many purposes, although online banking was not one of them.<\/p>\n
A Victorian man who asked that only his first name, Ben, be used, said he would need to change passwords for about 20 sites because of the breach.<\/p><\/blockquote>\n
If people want a solution I suggest they use something like this – passhash<\/a> – they can still have one secure, strong master password but then have unique hashed passwords for every site they use.<\/p>\n
This has the advantage that if one site is compromised (and they aren’t using hashed passwords in the DB – it’s stored in plaintext) the hacker won’t have your password to every site as they will all be unique.<\/p>\n
<\/p>\n