Your Username and Password Were Stolen. Now What?

​Far too many people are cavalier about password security.  Perhaps knowing what cyber-thieves do once they have your password will encourage better practices.  Fortunately, as reported on the BBC News website, two computer scientists from the University College in London, England recently released the findings of a study on this very topic.
 
The duo created 100 fake Gmail accounts and then “accidentally” shared their credentials on forums and sites that nefarious data traders are known to frequent.
 
What they found was that there are three main types of data thieves:
 

• Those looking to exploit the user’s information for financial gain checked that the credentials were valid, and then appeared to sit back and monitor the email traffic, presumably looking for something lucrative to steal, such as emails to and from banks and other online services. After a while, if nothing interesting appeared in a mailbox, the hackers moved on. 
• Spammers would check that the accounts are for real people, and would then use them to send out thousands or millions of spam emails from the user, on the assumption that the user’s email address had not been blacklisted (yet).
• Malicious hackers would use the address list of the account holders to send malware, relying on the social engineering aspect that a person is more likely to open an attachment in an email from someone they know.

 
Password theft is increasing.  Yahoo, MySpace, Twitter, LinkedIn, Dropbox and Tumblr have at least two things in common. They are all widely used social networking sites (well, maybe not MySpace anymore), and they have all had their user accounts stolen in the past couple of years. Yahoo has the dubious honour of having the most user accounts stolen – over 500 million were acquired by thieves in 2014.
 
If you have a user account on any of these sites, you ought to change your password. In fact, changing your password for any user account, on a regular basis, is a good habit to pick up. Not only will you protect yourself, you will help to protect all of your contacts from becoming victims as well. 
 
Information security should be at the top of everyone’s list of Internet habits. The better protected you are, the less likely you are to be the victim, and tool, of a data thief.