Over the weekend, account holders at the crowd-sourcing website Kickstarter may have received an alarming surprise, with notification that they should change their passwords as the service had been hacked. Credit card details hadn’t been stolen, but information had, data which could be pieced together to let someone in.
And this has happened more and more over the past few years, with information taken from companies such as Sony, Adobe, Yahoo Mail, Snapchat, LinkedIn, Evernote, and countless others.
In fact, it seems there’s a hacked database every month, followed by an email from the affected company telling its customers to change their password.
So it raises the question: is any account online safe?
We’ve seen the emails before. Time and time again. They come into our home email, and our work email, and any place we’ve had an account, the text of the email basically a strong recommendation to have you change your password.
Now. You should do it now, it says. Change the password now to reduce risk.
Recently, we saw it from Kickstarter, the place that helped this writer fund the Pebble Smartwatch, a microscopic lens for smartphones, and a new blogging platform.
For those who don’t know, this is a place where we get to see ideas from people who want to create things, magazines, books, games, movies, and products that will make an impact on the world and on society. You get behind it, plonk down some money, and eventually receive a gift, a pat on the back, or an early version of the product at a less-than-retail price.
But this weekend, that place was invaded, breached by someone who wanted access to the accounts of the souls who found it worthwhile supporting others, taking what Kickstarter said includes “usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords.”
That last one isn’t as concerning as an unencrypted password, but with enough computing power, something encrypted can very easily become unencrypted, and voila, your password and email address are logins to let someone do something malicious.
It’s especially troubling when you consider that many people keep the same passwords across our accounts, making it likely that they then have to change passwords across every single one.
There’s a huge hassle in this, highlighted by the simple notion that you have to remember precisely where you kept the account with said password.
“There is no easy way to change passwords on many sites at once,” said AVG’s Michael McKinnon, who added that consumers have been getting into the good habit of making better passwords.
“A lot of our traditional advice on passwords has been about creating strong or unique passwords,” he said.
“Part of the reason is because passwords are being used by users in different places and its the same password, so when one password is compromised in one place, it gets compromised in other places as well,” with McKinnon adding that “it only takes one data breach to compromise you.”