In the past, we have featured articles on this blog about the importance of choosing strong passwords. Far too many computer users rely on common passwords that are easy to guess, leaving them vulnerable to identity theft.
The solution to this problem is to use complex passwords that would require a nearly impossible amount of trial and error to break through. But even that isn’t always enough to guarantee that your online accounts remain secure. Sometimes, major data breaches can reveal passwords, regardless of how complicated they are.
Web Host Data Breach Exposes 13 Million Passwords
According to a recent report by eSecurity Planet, a hacker breached the free web hosting service 000webhost and published more than 13 million user names, email addresses and passwords. The company confirmed that it became aware of the problem this month, and suspects that the actual breach occurred some time in March. Though all of the user passwords have since been reset, there was a period of time when the data was being sold for thousands of dollars on the Internet. It is possible that thieves were able to access the information and use it to commit identity theft before users had a chance to change their passwords.
“During the customer sign-up process, 000webhost permitted the user’s account name and password to be displayed in plain text in the address bar of the web browser, meaning that anyone with access to the website logs would also have the ability to access the user credentials,” MicroStrategy president Jonathan Klein told eSecurity Planet. “The credentials were also stored unencrypted on 000webhost’s servers. At the very least, 000webhost should have encrypted all customer information in transit and at rest. But even better, they should have taken advantage of advanced security techniques, like multi-factor authentication, so user accounts would not be exposed to a simple breach of passwords.”
The one lesson we should take away from data breaches of this kind is that no security method is foolproof. Even if you have created the strongest account protections possible for your personal data, there is no telling whether there are other system weaknesses outside of your control that hackers could exploit.
Here are some actions you can take to protect yourself:
- Use multiple passwords. It’s hard to remember multiple passwords, but there’s no point in creating one complicated password if you use it for every single account. Even if one of your passwords is compromised at some point, at least you’ll have other ones to protect you.
- Use two-step verification wherever possible. Many services, such as Google Accounts, offer two-step verification access. This means that a password alone will not get you into your account—you’ll also have to enter a code that has been sent to your smartphone. This is a highly effective way to prevent people from accessing your online accounts, even if they have your password.
- Finally, change your passwords often. You should change your passwords every few months to give your online accounts the most security.
If you’re worried about your online accounts and in turn your identity, be sure to invest in a credit monitoring service. These services can notify you of certain activities that may indicate fraud. This can give you much-needed peace of mind, allowing you to rest assured that you’re taking important measures to safeguard your identity.