26th October 2015
Much is being made in the press about the recent breach of customer data over at TalkTalk, and with some good cause. But what can we all learn from this, even as those who aren't customers of TalkTalk?
Tthis is a good time to drag out that old topic, Passwords. Yes, we know. You know you are supposed to keep them distinct, and you know they need to be better than bleedingly obvious. But they aren't right? So why does it matter?
Well this breach is a classic example. Let's say you're called "Joe Bloggs" and you're born "10th March 2000", with an address of "1 Townsville, BigTown, PO5 1ST". Let's also say you've set your password, rather unimagiatively to "bloggsy1" and your e-mail address is "firstname.lastname@example.org"
So now someone compromises Talk Talk. They know all of those details. So let's just try logging into your Facebook account... I mean you wouldn't be "email@example.com" and a password of "bloggsy1" now would you? Of course you are... Next, let's try logging into Amazon.co.uk - surely you're not "firstname.lastname@example.org" and a password of "bloggsy1" - right again, and I've now got your Amazon account as well as Facebook.
But not to worry, because if someone changed your details you'd know... well no... because of course I log into your e-mail account, cunningly assuming it will be "email@example.com" and yep, that old favourite "bloggsy1". I'm in, I can change your password so YOU can't get to the account, I can delete any e-mails about changes to your accounts and of course now I can see what else you have - because pretty much everyone e-mails you.
The simple truth is, the password was the key that let me into all of the different web sites and services that you have access to. As it's the same throughout your online existance, I'm now logged into everything... I can buy things as you (many web sites keep your card details on file), post to your facebook, send e-mail as you... the works...
The most obvious thing you think of however is the bank accounts, card details that could be compromised. It isn't unheard of, but often this isn't actually the information that is stolen. A few tips though to consider:
- Always use a Credit Card - not a Debit Card for any on-going payments if you must use a card. You have more protection with Credit Cards than Debit Cards.
- Make sure you do receive and view your statements. Personally I prefer Paper Statements as the act of receiving them makes me review them - whereas electronic statements get ignored in amongst a million other e-mails.
- Ensure you use the "Secure Code" and "Verified by Visa" options where provided.
Are you getting the best out of your IT?Take the Quiz