Password Management 101. Part B: A quick what if in a hypothetical Data Breach
The Dangers of Reusing Passwords: An Entirely Hypothetical Scenario.
Imagine that you're a hacker looking to gain access to someone's online accounts. You've come across a list of passwords that were recently leaked in a data breach, and you notice that one of the passwords is one that you've seen before - it's a password that you've used on a few of your own accounts and it's also linked to a target of yours.
You decide to try using this password to see if it works on any other accounts. You start by searching for the person's email address online, and you quickly find their social media profiles. You try logging into their social media accounts using the password from the data breach, and to your surprise, it works.
Now that you have access to their social media accounts, you start digging deeper. You look through their posts and profile information to see what you can learn about them. You notice that they've posted about their recent vacation to Hawaii, and you see that they've mentioned their love of hiking.
Using this information, you start searching for other online accounts that might be associated with the person. You try using the password from the data breach and information about their love of hiking as part of the login credentials, and to your surprise, it works again - you're getting closer to their financial accounts now.
But you don't stop there. You continue to search for other accounts that the person might have, using the information you've gathered from their social media profiles, the password from the data breach and online searching tools like Spiderfoot, Sherlock and Maltego. You're able to gain access to their email account, their online shopping accounts, and even their work account, all using information pooled from the initial breach paired with open-source investigation strategies. And a little dose of hacking & profiling skills, of course.
You can't believe how easy it was to begin to compromise the person's online accounts, all because they reused a password that was previously exposed in a data breach and continued to reuse personal information across the management of all their personal accounts.
This hypothetical scenario illustrates the dangers of reusing passwords. By using the same password for multiple accounts, you're making it much easier for a hacker to gain overall access to your sensitive information. Instead, you should use a unique, strong password for each of your accounts and consider using a password manager to keep track of them. It may take a little extra effort, but it's worth it to protect yourself against password reuse and the consequences that can come with it.
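To check your own accounts for the two habits the scenario relies on (the same password on several sites, and variations built on one recycled base word), here is an added example that is not part of the original post. The vault entries, site names and breach list are constructed sample data, and the breach list is assumed to be a set of SHA-1 hex digests.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample data: a made-up password export and a made-up breach list.
VAULT = [
    ("social.example", "Trailhead2019"),
    ("shop.example", "Trailhead2019"),
    ("bank.example", "Trailhead2019!hike"),
    ("mail.example", "trailhead#1"),
    ("work.example", "v9$Qm2!xLr7pZw"),
]
# Assumption: the breach list is supplied as SHA-1 hex digests (lookup only, not storage).
BREACHED_SHA1 = {hashlib.sha1(b"Trailhead2019").hexdigest()}


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def stem(password):
    """Leading run of letters, lowercased: the base word people tend to recycle."""
    match = re.match(r"[A-Za-z]+", password)
    return match.group(0).lower() if match else ""


def audit(vault, breached_sha1, min_stem=5):
    """Return sites with breached passwords, exact reuse groups, and shared-stem groups."""
    by_password = defaultdict(list)
    by_stem = defaultdict(list)
    for site, password in vault:
        by_password[password].append(site)
        if len(stem(password)) >= min_stem:  # ignore very short stems, which are noise
            by_stem[stem(password)].append(site)
    breached = sorted(s for s, p in vault if sha1_hex(p) in breached_sha1)
    reused = sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)
    variants = {k: sorted(v) for k, v in by_stem.items() if len(v) > 1}
    return {"breached": breached, "reused": reused, "variants": variants}


if __name__ == "__main__":
    for finding, sites in audit(VAULT, BREACHED_SHA1).items():
        print(finding, sites)
```

Every site listed under `breached`, `reused` or `variants` should get a new, unrelated password generated by the password manager.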
Just another day of malicious traffic on the internet, no biggy