While attackers keep finding new ways into computers and networks, email accounts remain a preferred target: they hold sensitive data and serve as the password-recovery channel for most other accounts. The latest breach hit Yahoo Mail, and the company acknowledged and confirmed it on its Tumblr page.
Yahoo reset the passwords on the affected accounts and notified their owners, by SMS where a phone number was on file. It also enabled “double sign-in verification”, a second verification step at login, for the impacted users.
Yahoo Mail is currently the second largest email service after Google’s Gmail, with an estimated 273 million users worldwide. According to the company, the usernames and passwords used in the attack were taken from a third-party database; nothing was harvested from Yahoo’s own servers.
It has been a rough start to the year for Yahoo. Earlier in January the company admitted that malicious ads served on its European sites had infected Windows PCs. Yahoo has released no figures for the email incident, but estimates put the number of affected users in the millions. The steps below fortify the first, and often the last, line of defense available today: the password.
1 – Avoid using the same login credentials for multiple emails/accounts.
This is a common mistake among users with accounts on many platforms. If the same username and password unlock both a Gmail and a Yahoo account, an attacker who obtains the credentials from one breach simply replays them against the other service (credential stuffing). The damage is greatest when a personal password is reused for a work account: a consumer-site breach then becomes a corporate one, and a single successful phishing email pays off everywhere the password is used. Use a different password for every site.
2 – Use Password change/reset mechanisms smartly.
Most email providers and services ask a series of questions during registration, typically about schools, childhood and personal events, so that users can recover a forgotten password. The same feature lets an attacker recover it too: answers such as a mother’s maiden name or a first school are often searchable on the web and on social networks. Treat these answers as secondary passwords: give fabricated, unguessable answers rather than real facts, and keep them in a password manager.
3 – Passwords should be as long as possible.
Attackers who steal passwords from a server usually get them in hashed form rather than as plaintext. A hash cannot be decrypted, but it can be matched: cracking software guesses candidates, hashes each one with the same function and compares the result against the stolen table, at billions of guesses per second on a GPU for fast hashes such as MD5 or SHA-1. Every extra character multiplies the number of guesses by the size of the character set, so a short password falls within seconds however it is spelled, while a long one that mixes character types and avoids dictionary words stays out of reach. Most users do not take these measures, as SplashData’s Worst Passwords of 2013 list shows.
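To make the mechanics concrete, here is an added Python example; it is not code from the original post, from Yahoo or from Checkmarx. The “leaked” hash table, the wordlist (a few entries from SplashData’s 2013 list) and the guessing rate used in the time estimates are constructed for the demo. It runs the offline guessing attack described above against unsalted SHA-1 hashes, where the weak passwords fall to a dictionary pass or a short exhaustive search while the long random one survives; it then computes how the search space grows with length and character set, generates a random password the way a password manager does, and, as the defender-side caveat the article does not cover, shows the salted, slow hash (PBKDF2) a service should store so that every guess costs the attacker real work.

```python
import hashlib
import itertools
import math
import secrets
import string

# ---- Attacker's side: offline guessing against a leaked hash table ---------

def sha1_hex(password: str) -> str:
    """Fast, unsalted hash: the kind of storage that makes a stolen table cheap to crack."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

# Constructed sample leak (an assumption for the demo): the attacker sees only
# the hashes. Three passwords are weak, the last one is long and random.
SAMPLE_PASSWORDS = ["123456", "qwerty", "abc", "V7#pq2Lm!x9Rt@4Wz"]
LEAKED_HASHES = {sha1_hex(p) for p in SAMPLE_PASSWORDS}

# Constructed wordlist: a few entries from SplashData's 2013 worst-passwords list.
WORDLIST = ["123456", "password", "12345678", "qwerty", "abc123", "iloveyou"]


def crack(hashes, wordlist, charset, max_len):
    """Hash each candidate and compare it with the leaked hashes.

    Nothing is 'decrypted': a hash cannot be reversed, only matched by
    re-hashing guesses. Returns ({hash: plaintext}, number_of_guesses).
    """
    remaining = set(hashes)
    cracked = {}
    guesses = 0

    def try_candidate(candidate):
        nonlocal guesses
        guesses += 1
        digest = sha1_hex(candidate)
        if digest in remaining:
            cracked[digest] = candidate
            remaining.discard(digest)

    for candidate in wordlist:            # pass 1: known-bad passwords
        try_candidate(candidate)
    for length in range(1, max_len + 1):  # pass 2: exhaustive search, shortest first
        for chars in itertools.product(charset, repeat=length):
            if not remaining:
                return cracked, guesses
            try_candidate("".join(chars))
    return cracked, guesses


def search_space(charset_size: int, length: int) -> int:
    """Candidates an exhaustive search must cover for this length and charset."""
    return charset_size ** length


def entropy_bits(charset_size: int, length: int) -> float:
    """Entropy of a uniformly random password drawn from the charset."""
    return length * math.log2(charset_size)


def years_to_exhaust(charset_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time for an attacker guessing at the given (assumed) rate."""
    return search_space(charset_size, length) / guesses_per_second / (365 * 24 * 3600)


# ---- User's side: what a password manager generates -------------------------

PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def generate_password(length: int = 20, alphabet: str = PRINTABLE) -> str:
    """Uniformly random password from a CSPRNG; nothing to remember, so length is free."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


# ---- Service's side: store a salted, slow hash, not a fast one --------------

def hash_for_storage(password: str, salt: bytes = b"", iterations: int = 600_000):
    """Salted PBKDF2-HMAC-SHA256. The salt defeats precomputed tables; the iteration
    count makes every guess cost the attacker the work the server pays once per login."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


def verify_stored(password: str, salt: bytes, digest: bytes, iterations: int = 600_000) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_for_storage(password, salt, iterations)
    return secrets.compare_digest(candidate, digest)


if __name__ == "__main__":
    cracked, guesses = crack(LEAKED_HASHES, WORDLIST, string.ascii_lowercase, 3)
    print(f"cracked {sorted(cracked.values())} in {guesses} guesses")
    for size, length in [(26, 6), (26, 8), (94, 8), (94, 16)]:
        print(f"charset {size:2d}, length {length:2d}: {entropy_bits(size, length):6.1f} bits, "
              f"{years_to_exhaust(size, length, 1e10):.3g} years at 1e10 guesses/s")
    print("manager-style password:", generate_password())
```

Running it cracks "123456" and "qwerty" on the dictionary pass and "abc" a few hundred guesses into the exhaustive pass, while the 17-character random password is never found; the table of estimates shows a six-letter lowercase password exhausted in a fraction of a second at the assumed 1e10 guesses/s, and a 16-character password over 94 symbols taking on the order of 1e14 years. SHA-1 is used for the leaked table only because it is what many breached sites stored; the PBKDF2 iteration count is a default the example assumes, not a figure from the article.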
Strong, unique passwords are the foundation of securing email and other online accounts. Take the extra step and use a password manager that generates and stores long random passwords, so there is nothing to memorise or write down. Security staff at workplaces should also ensure that employees follow the steps above. Information security and comfortable logins can’t go hand in hand.