It is that time again, on steroids, and it is about as much fun as hemorrhoids. Time to check my security settings on the website, tighten down the connections, and so on, with all the routine weekly checks, but the biggy today is to see what damage might have been done per the Linked In data debacle. http://mashable.com/2012/06/06/6-5-million-linkedin-passwords/
There is a big difference between having your personal account hacked and being a data point in a massive database breech. There is very little you can do to protect yourself when you provide information to or create information for someone else’s database other than to limit any damage of that data being accessed to that one account. In other words, do not reuse passwords. Keep any data hack isolated to that one event. If you do reuse passwords and one of the sites with that password is hacked, change the password on all the sites that used that password.
The breeched accounts are already being used for phishing scams. http://bits.blogs.nytimes.com/2012/06/06/that-was-fast-criminals-exploit-linkedin-breach-for-phishing-attacks/
Purdue University has a fairly good paper on the topic of password security. http://www.purdue.edu/securepurdue/pswdManager.cfm Automated password keepers are often recommended by computer security experts. But these are useless if you use the same passwords for multiple accounts. http://www.purdue.edu/securepurdue/pswdManager.cfm
Most compromised data, logins, passwords, and the like are not personally motivated attacks. I have had clients who thought that because they had nothing of “value” on their accounts that no one would want to hack them. This is a dangerous misconception for two reasons.
The first is that you may have more of value than you realize. You can be individually targeted, although such personal attack is unlikely.
The more likely scenario is for your information to be a few bits of data in a large scale theft of information in a database. The database may contain information that can can be sold such as credit card numbers, links to other databases with financial information or pathways to that information.
There is also the cyberwar that our governments are waging against each other, and we must presume that the massive accumulation, filtering, and storage of our personal data, by our governments in the name of national security can also be targets of attack by opposing governments.
I’m sure I have oversimplified a very complex situation. I have covered some under-covered aspects of hacking that can be confusing to people who have no need to know about databases or the backends of social media programs, but who can be impacted by abuse of those social media platforms that they use.