Have you recently done a security checkup?
Cyber security is the practice of protecting systems, networks, and programs from digital attacks. These attacks are usually aimed at accessing, changing, or destroying sensitive information, extorting money from users, or interrupting normal business processes. Implementing effective cyber security measures is particularly challenging today because there are more devices than people, and attackers are becoming more innovative. People often use the same passwords on multiple accounts (and rarely change their passwords unless prompted). Since people are often the “weakest link” in a security program, one should periodically do a security checkup. This applies to individuals as well as organizations.
As you know, a security hacker is someone who seeks to breach defenses and exploit weaknesses in a computer system or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering, challenge, recreation, or to evaluate system weaknesses to assist in formulating defenses against potential hackers. Once systems have been compromised or passwords leaked, access credentials are often placed on the “dark web.”
Some recent attacks – Facebook
3 months back on September 25, Facebook engineering team discovered a security issue affecting almost 50 million accounts. Attackers exploited a vulnerability in Facebook’s code that impacted “View As” a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.
In this article you can read about these Facebook attacks investigation and what we have learned from it. There is another article which tells more about how to check if your Facebook account got hacked and how badly.
Another attack – Starwood
Marriott’s guest reservation system has been hacked, potentially exposing the personal information of approximately 500 million guests. The hotel chain reported the hack affects its Starwood reservation database, a group of hotels it bought in 2016 that includes the St. Regis, Westin, Sheraton and W Hotels.
The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it.
Here is link to read the detailed news.
These are just two examples of many security breaches in 2018. It is a good idea to periodically question if you have been hacked.
How to tell if you have been hacked?
There are several online tools that can help you determine whether your accounts are secure. Here are a few of the best tools to check whether your online accounts have been hacked or compromised.
Have I Been Pwned is one of the best ways to check if your online accounts have been compromised? The tool uses your email address to check whether it is associated with any hacked data. Security expert Troy Hunt created the website, which lets users cross-reference their information with databases of breached credentials which were made.
Helpful sites for to tell if you have been hacked
- Has my email account has been hacked (if you suspect your account has been compromised, this is one of the first places you should check out).
- OSINT Framework (this is a collection of tools which more experienced individuals can reference to help determine if an account has been compromised).
- Firefox Monitor is another tool (an add-on to the Firefox Browser in this case) which informs you of what information hackers already have on you (and more).
What should one do if they find they are hacked?
- Take a close look at the “hacked” account.
- Get your account back to normal status.
- Tell friends and family you’ve been hacked.
- Keep an eye on your financial or credit accounts.
- Scan your computer for viruses and malware.
- Reinstall your operating system and restore critical data from your backups (you have tested backups and can restore from them, haven’t you).
Precautions we should take to avoid the Hacks
- Change your passwords routinely.
- Use a password vault. There are many available. This allows you to use different passwords on every site.
- Use two factor authentication where possible.
- Don’t re-use passwords on multiple sites.
- Keep your passwords long (and complex). If in doubt, length wins over complexity.
Sites you should reference
- Length wins – sites like http://correcthorsebatterystaple.net/provide long passwords that can almost be remembered (again use a password vault)
- This article 30 security terms you need to know to protect yourself online gives you more information on how you can protect yourself online.
We recommend periodically checking your accounts (and following recommended steps such as regularly changing your passwords). As 2018 draws to a close, this is a good time to review your security practices (and to start the habit of frequent reviews).
As always, we look forward to your comments and insights.