Was Your Online Recipe Box Hacked?
A lot of people might scratch their heads at having to create a username and password for seemingly harmless online accounts. Anything where money isn’t involved or personal data isn’t entered shouldn’t need strong security protocols, right?
Wrong. There are a lot of reasons to use strict security measures on accounts that might seem unimportant on the surface, namely because they are pieces of your overall identity puzzle. And if you’re one of the far-too-many people who reuses their passwords or uses weak passwords, you might be connecting the pieces for an identity thief.
A recently announced data breach at Allrecipes.com is a prime example. This website lets you do a number of cooking-related things, like browse other people’s recipes, upload some of your own, add photographs of the dishes you’ve tried out, and even select a local grocery store to add ingredients to a virtual shopping list.
It’s hardly your online banking or your IRS taxpayer portal, but that doesn’t mean that someone with the right know-how can’t dig through your details and steal more information. Take a look at just a few of the “what if” ways you can be impacted by this very breach:
1. Username and password – Allrecipes.com notified its users that it suspects someone accessed account holders’ email addresses and passwords. If you reused that email address and password—say, on your email account, credit card login, or on Amazon—they can now access those accounts as well.
2. Health information – In theory, someone who was actively targeting your account could determine from your saved recipes or your uploaded recipes that you have a specific health condition. Knowing that information could potentially lead to issues with medical identity theft, although that might be pretty far-fetched.
3. Photographs – A lot of people love to share photographs of their dinner, especially if it’s something they’ve worked really hard to prepare. Of course, cooking websites are the ideal place to share these images. But if you didn’t turn off the geolocation tagging feature before taking that picture, sharing it online could alert a hacker to your physical location.
4. Zip code – Even without the exact geotagged coordinates to your house, you could have told a hacker where you live. More specifically, you might have provided a key piece of financial information by selecting a grocery store for your shopping list. To do so, you have to supply your zip code, which is often used in conjunction with your credit card number to make online purchases.
5. Payment information – It’s very important to note that no credit card information was accessed in this breach. However, it’s possible that someone with your account details can log into your account and see some payment details if you signed up for a premium membership. While a typical user cannot uncover your credit card number on the screen, someone with the right tools and know-how could.
Even if nothing harmful comes of this, quite often hackers go after email addresses to launch spam, phishing, and even ransomware attacks. It’s important to be vigilant about your email inbox and avoid behaviors that can make you a target. Allrecipes.com is encouraging its users to change their passwords immediately—which is a good routine habit to have anyway—but make sure you’re only using strong passwords that contain a long string of numbers, letters, and symbols, and that you’re not using it on several different accounts.
If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App.