• Forecast
  • News Tip
  • Categories
Temperature Precipitation
Estimated read time
4m 34s

Hackers steal millions of passwords

By CBS News 12:58 PM December 5, 2013

The Netherlands seemed to be targeted the most.

NEW YORK- Nearly 2 million user names and passwords for Facebook, Twitter, Yahoo, Google, and other popular sites have been compromised and circulated online, Internet security researchers report.

The security firm Trustwave SpiderLabs first discovered the breach and posted its findings online.

The hackers’ massive database included stolen information from some 320,000 email accounts, 318,000 Facebook accounts, and 21,000 Twitter users, Trustwave said. Many Russian-language social networking sites were also targeted.

Most of the accounts do not appear to belong to users in the United States. CNET notes that fewer than 2,000 of the stolen login credentials affect U.S. users.

The Netherlands seemed to be targeted the most, accounting for 97 percent of the stolen passwords, followed by Thailand, Germany, Singapore, and Indonesia.

Trustwave researchers combed through the stolen passwords and made another disturbing discovery: Thousands of people used the same weak and easily crackable passwords. The company says more than 15,000 of the affected users had set “123456″as their password, and about 2,000 each just used the word “password” or “admin.”

In Trustwave’s analysis, only 5 percent of the stolen passwords were considered excellent and 17 percent were good. The rest were moderate or worse.

Internet security experts say many breaches occur because passwords are too easy to guess, although that may not have been a factor in this case. They offer a number of tips to help keep your personal data safe from hackers:

-Make them long. The minimum should be eight characters, but even longer is better.

- Use combinations of letters and numbers, upper and lower case and symbols such as the exclamation mark. Try to vary it as much as you can. “My!PaSsWoRd-32″ is far better than “mypassword32.”

- Avoid words that are in dictionaries, as there are programs that can crack passwords by going through databases of known words. These programs know about such tricks as adding numbers and symbols, so you’ll want to make sure the words you use aren’t in the databases. One trick is to think of a sentence and use just the first letter of each word — as in “tqbfjotld” for “the quick brown fox jumps over the lazy dog.”

-Avoid easy-to-guess words, even if they aren’t in the dictionary. Avoid your name, company name or hometown, for instance. Avoid pets and relatives’ names, too. Likewise, avoid things that can be looked up, such as your birthday or ZIP code.

-Many sites let you reset your password by answering a security question, but these answers — such as your pet or mother’s maiden name — are possible to look up. So try to make these answers complex just like passwords, by adding numbers and special characters and making up responses.

When a malicious hacker gets a password to one account, it’s often a stepping stone to a more serious breach, especially because many people use the same passwords on multiple accounts. So if someone breaks into your Facebook account, that person might try the same password on your banking or Amazon account. Suddenly, it’s not just about fake messages being posted to your social media accounts. It’s about your hard-earned money.

It’s particularly bad if the compromised password is for an email account. That’s because when you click on a link on a site saying you’ve forgotten your password, the service will typically send a reset message by email. People who are able to break into your email account, therefore, can use it to create their own passwords for all sorts of accounts. You’ll be locked out as they shop and spend, courtesy of you.

If the compromised password is one you use for work, someone can use it to break in to your employer’s network, where there are files with trade secrets or customers’ credit card numbers.

Many services offer a second level of authentication when you’re accessing them from a computer or device for the first time. These services will send you a text message to a phone number on file, for instance. The text message contains a code that you need in addition to your password. The idea is that a hacker may have your password, but won’t have ready access to your phone.

Facebook, Google, Microsoft and Twitter are among the services offering this dual authentication. It’s typically an option, something you have to turn on. Do that. It may be a pain, but it will save you grief later. In most cases, you won’t be asked for this second code when you return to a computer you’ve used before, but be sure to decline that option if you’re in a public place such as a library or Internet cafe.

Don’t get complacent — change your passwords regularly. It’s possible your account information is already circulating. If you have a regular schedule for changing passwords for major accounts, you reduce the amount of time that someone can do harm with that information.

You’ll need to decide what counts as a major account. Banking and shopping sites are obvious, as are email and social-networking services. It probably doesn’t matter much if someone breaks into the account you use to read newspaper articles (unless it’s a subscription).

And strong passwords alone won’t completely keep you safe. Make sure your computer is running the latest software, as older versions can have flaws that hackers have been known to exploit. Be careful when clicking on email attachments, as they may contain malicious software for stealing passwords. Use firewalls and other security programs, many of which are available for free.

Latest Stories

  • Lifestyle

    World’s best woodcarvers compete in Alaska Cup

    by Eric Ruble on Aug 03, 10:46

    Woodcarving is an art form a little bit louder than most. Armed with chainsaws and blowtorches, artists at the Alaska Cup Carving Competition worked their way through massive chunks of spruce to form their masterpieces. The four-day event, now in its second year, was hosted by the Turnagain Gallery near Bird Creek on the Seward […]

  • Weather

    Daybreak weather, Aug. 3

    by KTVA Weather on Aug 03, 9:06

    Anchorage Mostly sunny with highs in the low to mid 70s. Light winds. Kenai and Prince William Sound Mostly sunny with highs in the upper 60s to lower 70s. Southeast Mostly cloudy with rain showers. Highs in the 60s and 70s. Interior Mostly sunny with highs in the 70s. North Slope Cloudy with rain showers […]

  • Sports

    Dominant pitching lifts Juneau over Service in regional qualifier

    by KTVA Sports on Aug 03, 8:39

    Nathan Klein struck out 16 batters, going all nine innings as Juneau topped Service 5-1 in the Northwest Class A Regional Tournament qualifier. After Chugiak clinched the Northwest Regional playoffs in Cheyenne, Wyoming, by beating Kenai in the Alaska Legion championships, the Twins were the first team chosen to represent Alaska in the lower-tiered “Class […]

  • Sports

    Ostrander, Thomet to represent Alaska in mountain running world championships

    by KTVA Sports on Aug 03, 8:26

    Kenai’s Allie Ostrander and Kodiak’s Levi Thomet were selected for the US Junior Mountain Running team Sunday morning. The two will join five other US athletes competing in the 31st World Mountain Running Championships. Ostrander won the Nike Cross national championship in 2014. She’s also an experienced mountain runner, having won multiple times in the […]

  • News

    Hitchhiking the world: A French woman’s journey to Alaska

    by Liz Raines on Aug 03, 8:10

    Nearly three years ago Florence Renault was a photojournalist at France 3, one of the biggest TV names in Europe. She had steady work and made good money as a freelancer. She was living her dream — until she says she outgrew it. At 27, she downsized her camera and life to travel the world […]

  • News

    Early morning fire rips through East Anchorage trailer

    by KTVA CBS 11 News on Aug 03, 7:15

    A fire ripped through a trailer in East Anchorage early Monday morning, but no one was inside the home at the time. Neighbors reported the fire at a trailer on Honeysuckle Avenue off Newell Street, said Anchorage Fire Department Capt. Jared Stiglich. Flames could be seen in the mobile home’s windows when fire crews arrived. […]

  • Sports

    Alaskan athletes bringing home 9 medals from Special Olympics World Games

    by Megan Mazurek on Aug 02, 18:27

    Alaska’s four Special Olympics World Games athletes are bringing home nine medals, collectively. Christine Quick earned the last of the nine in Saturday’s 4 x 50 relay. She and her team finished in first place. The World Games’ closing ceremonies will be held Sunday. The past week has been a time of reflection for the […]

  • News

    Wildfire smoke forces Wasilla pilot to make emergency landing on Dalton Highway

    by Makayla Clark on Aug 02, 18:02

    Troopers say no one was injured Friday after a pilot landed on the Dalton Highway near Mile 90. Jeremy D. Rogers, 28, was flying a 1958 Cessna 180 from Nenana to Coldfoot when smoke from a wildfire prompted him to make an emergency landing on the highway. Rogers, from Wasilla, had four passengers aboard the plane, according to an […]