Data security alert: What happens when your login is stolen?
As the key that grants access to your most important online accounts, your login information is a prize for hackers. Obtaining your login credentials allows them to use your email address, dip into your bank accounts, read your confidential business documents, and discover and sell all kinds of secrets about you, including your medical history, Social Security Number, and the contact information of family, friends and co-workers.
They can also lock you out of your accounts, and use your accounts to spread malware or impersonate you. For example, the Magnolia Health Corporation recently suffered a serious data breach when someone gained access to the CEO's email account and requested sensitive information about employees. Simply by impersonating the CEO via email, a cyber criminal was able to obtain all kinds of data, ranging from Social Security Numbers to salaries.
The Bitglass experiment
Recently, Bitglass came out with a report showing what happens when your login is stolen. Their research team made up a digital profile, including a Google Drive account and a bank portal, for a fictional bank employee. They then leaked the login data onto the Dark Web; a watermark on each file allowed Bitglass to track what happened to these pieces of information.
Within a relatively short amount of time, hundreds of people from around the world viewed the login credentials. Most of the hackers who accessed the Google Drive account and bank portal were savvy enough to mask their IP addresses. The vast majority of hackers tried the login credentials on other accounts, counting on the fact that the fictional bank employee would use the same information across sites. Many also downloaded various files - sometimes indiscriminately, other times targeting files that seemed to contain sensitive information.
Another alarming development showed how the login credentials lingered, with people revisiting them. Months after the initial leak, hackers appeared to take interest in the data once more, and there was another flurry of activity.
Once your sensitive data is out there, cyber criminals can find all kinds of ways to exploit it. You, and the people in your professional and social network, remain exposed and vulnerable.
How can your login credentials get stolen?
There are a number of ways hackers and scammers can obtain your username and password, including the following:
• Your password is easy to guess or you have shared it with people.
• Hackers correctly guess the answers to password recovery questions.
• Malware has gotten onto your computing device and tracked your keystrokes, including what you enter into web forms.
• You fell victim to a phishing scam, providing your credentials to an impersonator or entering them into a fraudulent website (for example, a site that closely resembles the one for your bank).
• Cyber criminals have gained access to your unattended computing device.
Strong login protection
As mentioned in the Bitglass Report, there are a number of strategies for keeping your login credentials safe. These include choosing strong passwords, using multi-factor authentication, and not using the same login credentials for all of your accounts.
You should set up ways to monitor your accounts and receive alerts for suspicious activities - for example, if your account gets hit with multiple login attempts from different countries. Furthermore, if you suspect that one of your accounts is compromised, you should act immediately, notifying people, tracking account-related activities and changing your login credentials.
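The multi-country alert described above could be implemented along these lines. This is an added example, not code from Bitglass or the original article; the event format, the function name `find_multi_country_logins`, the thresholds and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, account, country, success).
# Assumption: the country was resolved upstream, e.g. by a geo-IP lookup.
SAMPLE_EVENTS = [
    ("2024-01-10T08:00:00", "alice", "US", True),
    ("2024-01-10T08:05:00", "bob", "US", False),
    ("2024-01-10T08:07:00", "bob", "BR", False),
    ("2024-01-10T08:09:00", "bob", "RU", False),
    ("2024-01-10T08:30:00", "alice", "US", True),
    ("2024-01-10T09:00:00", "carol", "DE", True),
    ("2024-01-10T15:00:00", "carol", "FR", True),  # hours later: outside a 1h window
    ("2024-01-10T15:10:00", "bob", "US", True),
]

def find_multi_country_logins(events, window=timedelta(hours=1), min_countries=3):
    """Alert when one account sees login attempts (successful or not)
    from at least `min_countries` distinct countries within `window`."""
    recent = defaultdict(deque)  # account -> deque of (time, country)
    alerts = []
    # ISO 8601 timestamps of equal length sort chronologically as strings.
    for ts, account, country, _success in sorted(events):
        now = datetime.fromisoformat(ts)
        attempts = recent[account]
        attempts.append((now, country))
        # Drop attempts that have aged out of the sliding window.
        while now - attempts[0][0] > window:
            attempts.popleft()
        countries = sorted({c for _, c in attempts})
        if len(countries) >= min_countries:
            alerts.append({"account": account, "time": ts,
                           "countries": countries, "attempts": len(attempts)})
            attempts.clear()  # one alert per burst, not one per extra attempt
    return alerts

if __name__ == "__main__":
    for alert in find_multi_country_logins(SAMPLE_EVENTS):
        print(alert)
```

Because many of the visitors in the Bitglass experiment masked their IP addresses, the country seen by a check like this reflects the proxy or exit point, which still produces the scattered-geography pattern the alert looks for.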
It's also important to keep an eye on your computing devices and not leave them unattended. In addition to guarding against physical theft, you should protect each device as well as possible with anti-malware programs and firewalls.
To further discuss the security of your login credentials, don't hesitate to contact us. We're fully aware of what can happen to your login information once it's stolen. We'll help you consistently protect your sensitive data and remain vigilant against data theft.