Latest Yahoo!® Breach Underscores Need for User Vigilance
Use of Complex, Unique Email Passwords and Account Log-ons Critical to Ensure Safety of Your Personal Data
Web commerce has come to revolve around account usernames based on a valid e-mail address. However, many consumers continue to use the same e-mail address and password(s) to create financial transaction accounts across multiple websites. Cyber criminals know this and are experts at correlating valid e-mail accounts with third-party services. This enables them to steal from financial accounts and carry out a variety of other scams.
Yahoo!® is the latest example of data thieves gaining unauthorized access to an undisclosed number of their mail users' account credentials. (Yahoo is contacting victims individually and advising them to change their passwords and to use distinctive passwords for any online accounts tied to Yahoo!® mail.)
In today's internet environment, it is very important for users to understand never to use the same password on multiple sites or services. Though this has long been true, too many consumers either still do not know this or ignore it.The days of the simple username and password is just not an option any longer. In Yahoo's recent breach, hackers did not penetrate Yahoo's network defenses, instead stealing data from a third-party website that allows the use of Yahoo e-mail addresses to create customer accounts.
One of the fundamental truths of information security is the first thing an attacker will do is to steal the credentials of an insider. This gives attackers a foothold, which they use to steal the credentials of an authorized, privileged user. Attacks like the one on Yahoo can be used to gather information to precipitate broader coordinate attacks on business.
Internet security experts recommend Users heed the following advice to take responsibility for their own data when online:
- If you or someone you know has a Yahoo email address, the password should be changed immediately.
- If you use your Yahoo!® email address for other services, you may wish to update/change passwords on those sites.
- If you have a Yahoo!® email address and store passwords/usernames in your email account, you may wish to change credentials for those sites as well.
- Since many web users use the same password for multiple email addresses, other accounts with the same "handle" may be compromised as well. It is a short step for hackers to assume if you are BadLuck@Yahoo.com that you could also be BadLuck@gmail.com.
- Use passwords that are complex, (longer, alpha/numeric, special characters) to make it harder for the attacker
- Do not use the same password in multiple places so if one password is compromised, your other accounts are not at risk
- Enable alerts so you know if someone is trying to hack into your account.
- Take advantage of any security options a vendor makes available to you. It's a small price to pay for protecting your bank account and credit rating.
- Never use your e-mail as a storage repository. All of the bills, passwords you mention, information that is a password re-set question, etc., in your messages or archives give an attacker full access to your life if they compromise your account password.
- Check your "Sent" mail to ensure your account has not been used to send fraudulent emails.
If you have any other questions, please feel free to contact your Prime Meridian Bank representative directly or call 850-907-2300.