Is Your Password Doing the Hacker’s Dirty Work?
Two major breaches have been announced in the past few days, and in both cases, the real discovery was that too many tech users are still not getting the message about password security. Both file-sharing tool Dropbox and Russian email giant Rambler.ru (similar to Yahoo email) suffered breaches in which hackers got the login credentials for millions of users. Among the data that was leaked online was a list of the most commonly used passwords on those sites.
Here’s a breakdown of what happened. First, regarding Dropbox, back in 2012 an employee’s password was obtained illegally. How? Because this employee also used that same password on another website, and that website was hacked. So once the hacker had access to the employee’s Dropbox password, he opened files and retrieved the passwords for about 60 million users and then uploaded that information to the dark web.
If any of those 60 million people are reusing their passwords on other accounts—in the very same way that the employee did—then anyone can access those accounts after retrieving the cracked password list.
The information from the Rambler breach was far more interesting from a password strength standpoint. Tech users have long be warned to use strong, unique passwords; strong passwords are not easily guessed by cracking software due to their seemingly random strings of characters, and unique passwords are only used on one account… ever.
Unfortunately, the Rambler breach revealed that more than 700,000 users of the 98 million whose accounts were compromised used “asdasd” as their password. Well over 400,000 users relied on “asdasd123” as their password, and over 430,000 people chose “123456” as their password.
One of the likely culprits that keeps people from generating stronger passwords is the annoying need to remember it. Also, a lot of people think hackers sit at their computers and type in password after password after password, the way the good guys do in the movies before finally striking upon the correct guess. Instead, hackers rely on password guessing software that can try millions of different attempts in just a few moments. That letter combination or the word they chose might be too simple to keep them safe.
There’s one other important lesson about passwords that can be taken from this: changing it up. The Dropbox breach happened in 2012, so if users haven’t changed their passwords since then, the information that got posted online is still valid, and can still hurt them. Changing your passwords from time to time will help protect your accounts and give you peace of mind in the next data breach.
Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.