Have you noticed that many entities, Worldwide, have requested that users reset their passwords? You’ve probably heard about the countless security breaches involving major companies and government offices. Sure, they might involve credit card numbers, or even personal information… but, perhaps more important, HUNDREDS OF MILLIONS OF LOGINS AND PASSWORDS HAVE BEEN STOLEN. Many hundreds of millions more have been stolen from smaller organizations that you’ll never hear about.
Initially, these logins/passwords may be used directly by the thieves, or sold around the World. Eventually, the information is available, for free, through hacker websites.
Recently, major companies (like GoToMyPC, Carbonite, & LogMeIn) have started reviewing some of the stolen login/passwords that have been circulating in the criminal World. To their horror, they’ve found that many of the stolen login/password combinations work on their websites and, in fact, are noticing specific attacks that are utilizing this stolen information.
Because of these widespread and increasing attacks, many companies are ramping up their security and asking all users to change their passwords immediately. In many cases you have no choice, as you will not be able to access your account without a password change.
Unfortunately, many of us use the same login and simple password for many different accounts. It’s easier that way. Some people think they’ve fixed the problem by using more complex passwords, utilizing upper and lowercase letters, numbers & symbols.
The root of the problem is that we tend to use the SAME PASSWORD. Now that the logins and passwords are out there, it’s easy enough for criminals to try a given stolen login/password at hundreds of websites. Like your bank, Amazon, Ebay, dating sites, or government websites. And in each website they get into, they can find more and more information about you, all leading to potential identity theft or financial loss.
The only answer is: Change all of your passwords, use complex passwords, and DON’T USE THE SAME PASSWORD for all websites!!! It’s your choice: Security or Convenience… you can’t have both.
If you want to see if your email address (and password) are floating around in the Dark Web, just visit the site https://haveibeenpwned.com. This is by no means a comprehensive listing of all compromised logins… in fact it represents a tiny portion of what’s out there, but it should be enough to give you a good scare.