Just a couple of weeks ago, we published the blog post “Beware! Your social media password could let your business down!” and now comes the shocking news of the hack of AP’s Twitter account, which caused great embarrassment to the world’s largest and most trusted news cooperative, besides sending waves of panic through Wall Street.
The overwhelming popularity of social media attracts the attention of cyber-criminals, who are looking for easy ways to harvest online identities. In fact, the job of cyber-criminals has become a lot easier in this ‘social media era’. The traditional attack vectors are losing their sheen as social media is fast emerging as the most convenient platform for malware delivery by hackers. Despite untiring awareness campaigns by the social media giants, even tech-savvy users are falling prey to various attacks perpetrated through social media.
Cyber-criminals are increasingly targeting the login credentials of employees and administrative passwords of IT resources, using a number of techniques like spam and phishing emails, keystroke loggers, and Remote Access Trojans (RATs). Once the login credentials of an employee or an administrative password of a sensitive IT resource is compromised, the institution will become a paradise for the hacker. The criminal will then be able to initiate unauthorized wire transfers, view the transactions of customers, download customer information or carry out sabotage.
In the case of the AP account hack, the cyber-criminals apparently used phishing as the attack channel and created panic by posting mischievous tweets that reached more than 1.8 million followers of AP.
Lessons from social media hacks
The problem becomes much more complex when users tend to use the same password for many online accounts. With the proliferation of online applications, users find it hard to remember passwords and follow the easy way of using the same password for all the accounts – social media, banking, brokerage and other business accounts. This ‘single master-key’ practice makes the hackers doubly happy. Their job gets greatly simplified. Identity theft at one place leads to compromises at numerous other places. In all probability, hackers would be able to easily gain access to other online accounts too.
That is why cyber-criminals are also looking at stealing identities in a big way – just as it happened with LinkedIn last year, where over 6.46 million hashed passwords were stolen.
Importance of assigning a unique password for every online account
The continuing attacks make us reiterate the password management best practices again and again. As we have been pointing out repeatedly in this blog series, it is always prudent to have a unique password for every website and application and to supply each one ONLY on that site/app. When there is news of a password exposure or hack, you can just change the password for that site/app alone. Changing passwords frequently is also a great habit to have.
But here comes the problem: you will have to remember multiple passwords – sometimes in the order of tens or even hundreds. It is quite likely that you will forget passwords and, just when you need them most, struggle to log in.
Use a Password Manager
Just as you have an email account, consider using a password manager too. In order to combat cyber-threats, proper password management should ideally become a ‘way of life’. Password Managers help securely store all your logins and passwords. In addition, you will get an option to launch a direct connection to the websites / applications from the password vault’s GUI itself. Once you deploy a Password Manager, you can say goodbye to password fatigue and security lapses. With unique passwords for every online application, you need not fear identity theft perpetrated through social media.
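The ‘single master-key’ risk and the advice to change only the affected site’s password can be checked against your own account list. The following Python code is an added example, not part of the original post; the account inventory, site names and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample inventory (site, username, password); not real credentials.
SAMPLE_ACCOUNTS = [
    ("social.example", "newsdesk", "Spring2013!"),
    ("bank.example", "j.doe", "Spring2013!"),
    ("broker.example", "j.doe", "Spring2013!"),
    ("mail.example", "j.doe", "x9#Lq2v!pT7w"),
    ("network.example", "j.doe", "Tr0ub4dor&3"),
    ("crm.example", "sales", "Tr0ub4dor&3"),
]

def fingerprint(password, key):
    """Keyed digest so passwords can be grouped without comparing plaintext."""
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()

def group_by_password(accounts, key=None):
    """Map password fingerprint -> sorted list of sites using that password."""
    key = key or secrets.token_bytes(32)  # per-run key; fingerprints are throwaway
    groups = defaultdict(set)
    for site, _user, password in accounts:
        groups[fingerprint(password, key)].add(site)
    return {fp: sorted(sites) for fp, sites in groups.items()}

def reused(accounts):
    """Groups of sites that share one password (the 'single master-key' case)."""
    return sorted(s for s in group_by_password(accounts).values() if len(s) > 1)

def exposed_by_breach(accounts, breached_site):
    """Other sites that must change password if breached_site leaks its password."""
    exposed = set()
    for sites in group_by_password(accounts).values():
        if breached_site in sites:
            exposed.update(s for s in sites if s != breached_site)
    return sorted(exposed)

if __name__ == "__main__":
    for sites in reused(SAMPLE_ACCOUNTS):
        print("shared password:", ", ".join(sites))
    for site in ("social.example", "mail.example"):
        hit = exposed_by_breach(SAMPLE_ACCOUNTS, site)
        print(site, "breach also exposes:", ", ".join(hit) or "nothing")
```

With a unique password per site, `exposed_by_breach` returns an empty list for every site, which is the state the post recommends.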