In an ironic twist of fate, Thursday’s “World Password Day” was marked with the news that the passwords for all Twitter users globally had the potential to be exposed after a glitch in the company’s encryption process.
Breaches of online accounts and the leaking of personal details are an ever more present concern. In the case of Twitter, an internal bug was to blame; however, many breaches are the work of individuals with the intent to cause harm or create havoc. In documented cases over the past 6 years, not counting those that have not yet been announced, over 5 billion personal accounts have fallen victim to data breaches across platforms such as LinkedIn, Ashley Madison, MySpace and Dropbox, amongst others. But what does a breach mean to me, and should I care? The answer is a simple yes.
A breached account means that the email address, username and password all have the potential to be exposed. It can also give someone access to personal information, private photos and message chains, and it opens up the possibility of identity theft. How are your friends and colleagues to know that the person sending them links to phishing sites or posting content from your account is not you? This can lead to serious reputation concerns that affect both personal and professional life.
Taking the necessary steps to reduce vulnerability online starts with password management, including regularly changing passwords, using random strings of characters and using a different password for each account. Nevertheless, password management is a chore. Everyone suffers from the frustration of typing passwords over and over again as we struggle to remember whether this one has an exclamation mark or not. Because of this, we often take the easy way out with simple-to-remember passwords repeated across multiple accounts. However, if we stopped to really consider how much information a single password is protecting, our attitude towards them would not be so lax.
Our analysts at Neotas regularly stumble upon breached accounts and passwords, whether in screenings, SMR Fit and Proper checks or investment due diligence. Regardless of our research purpose, we work with all of our clients to provide recommendations and advice to ensure the safety of the individuals and to protect both the individual and the organisation against any reputational damage or further data breach.