
The easiest way to get hacked during the pandemic? Your old passwords

Alfred Siew
Last updated: June 28, 2021 at 3:30 PM
Alfred Siew Published May 11, 2020
ILLUSTRATION: TheDigitalWay from Pixabay

As with any major crisis, hackers see opportunity in today’s devastating pandemic.

A thirst for information means people let their guard down. In confusion, lies get through more easily. Through expediency, we become less careful about threats we would usually look out for.

This is why it isn’t surprising to hear of hackers of all stripes – from petty cyber criminals to well-organised nation states – trying to get into other people’s computers during this crisis.

Yet, some of the easiest ways that people get hacked – through their Zoom accounts or their e-mails – are often down to low-tech reasons.

Old passwords are a prime example. Thousands of Zoom passwords were shared on the Dark Web early this year as the video conference tool became popular for keeping in touch during worldwide lockdowns, according to cyber security firm IntSights.

This was not because hackers somehow breached Zoom’s security or hacked into thousands of user accounts. Instead, most of them were likely compromised because users used the same passwords they used on other sites, which may have been compromised earlier.

For example, if you had an account on Yahoo, which suffered a massive breach in 2013, there’s a good chance that password has been exposed and it’s easy for a hacker to use it to try logging in to other related services that are tied to your name.

In a report last month, IntSights detailed how hackers took old stolen passwords and incorporated them into automated scripts to try logging in to various online services, such as Zoom.

Called credential stuffing, this is an easy way for cyber criminals to get into user accounts without trying to find a loophole in a software program, said Etay Maor, chief security officer of the New York-based cyber security firm that specialises in providing intelligence on the Dark Web.

“It’s easier to find a login through credential stuffing than to find an exploit,” he told Techgoondu in a phone interview last week. “Even if you have the vulnerability, you still need to know how to use it.”

He said that discussions on the Dark Web were often collaborative, with hackers working in concert to pull off some hacking efforts.

Sometimes, they share credentials online to make it easier for others to hack into victims’ accounts, he added.

Though the security for Zoom was not compromised, he noted, users’ weak passwords often let in hackers, who could turn up uninvited to a virtual meeting or worse, listen in to conversations and use the information for elaborate phishing attempts later on.

In simple terms, you should not be using the same password for different online services. No, not even complicated-looking passwords that involve letters in different cases, numerals and punctuation marks.

That’s because once one account is compromised, it is easy for a hacker to use that password to log in to your other accounts, say, on Zoom, Amazon or Google.

This issue will take a while to resolve as well. Fifty-three per cent of 2,000 consumers surveyed this year in the United States say they reuse their passwords on multiple online services.

In this group, 63 per cent say they use the same password on three to 10 sites, while 10 per cent say they use it for more than 10 sites, according to security firm SecureAuth.

Clearly, passwords are an issue that technology firms wish to overcome. Of late, there has been a move towards trusted devices and users, rather than passwords, which can be easily stolen.

For example, the Singapore government’s SingPass login system now lets you in with a digital app on your phone, which acts as a two-factor authentication (2FA) token. Banks in the country are also moving towards that.

While 2FA may not be applicable in all systems – some do not require the same level of security – you should certainly have that turned on for your main e-mail account.

That’s the one that you use to reset the passwords on other accounts, from Amazon to Zoom. If a hacker gets into this e-mail account, he can trigger a reset of all your other services and lock you out, so harden it.

Website owners can also make it harder for hackers to log in with stolen passwords. A Captcha challenge, for example, would stump many automated scripts used by hackers.

Yes, it’s a little more troublesome for users but if the service is an important one, the added security is worth the trouble.
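As an added illustration (not from the article or from any service it names), the Python sketch below shows one way a site could decide when to put a Captcha in front of a login: when a single source fails across many different accounts, the pattern credential stuffing produces, or when one account collects repeated failures. The class name, thresholds and sample events are assumptions constructed for the example.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration; tune them against real traffic.
WINDOW_SECONDS = 300        # sliding window for counting failures
MAX_DISTINCT_USERS = 5      # distinct usernames one source may fail on
MAX_FAILURES_PER_USER = 3   # failures tolerated against a single account

class LoginGuard:
    """Decides when a login attempt must solve a Captcha first."""

    def __init__(self):
        self._by_source = defaultdict(deque)  # ip -> (ts, username) failures
        self._by_user = defaultdict(deque)    # username -> failure timestamps

    @staticmethod
    def _expire(queue, now, key=lambda item: item):
        while queue and now - key(queue[0]) > WINDOW_SECONDS:
            queue.popleft()

    def record_failure(self, ts, ip, username):
        self._by_source[ip].append((ts, username))
        self._by_user[username].append(ts)

    def needs_captcha(self, now, ip, username):
        src, usr = self._by_source[ip], self._by_user[username]
        self._expire(src, now, key=lambda item: item[0])
        self._expire(usr, now)
        # Stuffing pattern: one source failing across many accounts.
        if len({name for _, name in src}) >= MAX_DISTINCT_USERS:
            return True
        # Distributed pattern: repeated failures on one account.
        return len(usr) >= MAX_FAILURES_PER_USER

def replay(events):
    """Replay (ts, ip, username, success) tuples; return challenged attempts."""
    guard, challenged = LoginGuard(), []
    for ts, ip, username, success in events:
        if guard.needs_captcha(ts, ip, username):
            challenged.append((ts, ip, username))
            continue  # attempt is held until the Captcha is solved
        if not success:
            guard.record_failure(ts, ip, username)
    return challenged

# Constructed sample: one source works through a list of accounts,
# while another user mistypes a password once and then logs in.
SAMPLE = [(t, "203.0.113.7", f"user{t}", False) for t in range(1, 8)]
SAMPLE += [(20, "198.51.100.4", "alice", False),
           (25, "198.51.100.4", "alice", True)]
```

Replaying `SAMPLE` challenges only the sixth and seventh attempts from the first source; the user with a single typo is never shown a Captcha.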

You can’t get rid of passwords altogether, unfortunately. Even the SingPass login, which only needs to scan your fingerprint once it is set up on your phone, requires you to log in with your password the first time round.

But that doesn’t mean that the old way of forcing users to change their passwords all the time is useful.

About half of users reuse the same password with a minor change when forced to do so at their workplace, according to a study by security outfit HYPR in 2019.

So, the key is making sure you have strong passwords that are unique for each service you log on to. Plus, having 2FA turned on for the most important services you use.

How do you remember all these passwords? Well, some savvy users rely on password managers, even though they can also be compromised, like any security measure.

Other users might write down all their passwords in a book, which should be secure from hacking, but what happens when you travel? You can’t log in. Worse, what if you lose the book?

Whatever you do, do not save your passwords in an unencrypted text file on your phone or PC, because that device can be compromised and the passwords stolen as a result.

It’s true there are no failsafe methods to be absolutely safe in cyberspace. However, it pays to reduce risk by understanding the threats that change constantly.

Right now, it’s best to make sure your online accounts are using unique passwords. If not, it’s a good time to go change them to make yourself a less easy target.

TAGGED: credential stuffing, cyber security, IntSights, password, zoom

Alfred is a writer, speaker and media instructor who has covered the telecom, media and technology scene for more than 20 years. Previously the technology correspondent for The Straits Times, he now edits the Techgoondu.com blog and runs his own technology and media consultancy.
Techgoondu.com is published by Goondu Media Pte Ltd, a company registered and based in Singapore.


Started in June 2008 by technology journalists and ex-journalists in Singapore who share a common love for all things geeky and digital, the site now includes segments on personal computing, enterprise IT and Internet culture.
