The string of cyber attacks against major corporations and government agencies mostly resulted in leaked email addresses, usernames, and passwords. Financial privacy is still intact, right? Wrong.
From Sony to Citi to the CIA, hackers have cracked digital security at some of the largest companies and agencies in the world, collecting vast amounts of sensitive information.
As a Sony PS3 user and occasional gamer on the PlayStation Network, I was one of the 77 million users who had their account information compromised. Although I have never provided any credit card information for PlayStation Store purchases, I recognize that leaked email addresses and passwords are enough to jeopardize my accounts at other websites.
Other recent cyber crimes that have compromised user account information do not deserve a lax response, as many victims underestimate the potential for financial disaster involved.
How to Wreak Financial Havoc
Lulz Security is one of the hacker groups that has claimed responsibility for recently infiltrating Fox, PBS, Sony Pictures, gaming servers, and pornography websites. The group has publicly posted user email addresses, passwords, and other pertinent information as proof of their accomplishments.
Step over to the dark side and ponder what sinister acts are possible with this treasure trove of information. (Please do not attempt any of the following actions as law enforcement will be knocking on your door if you do so.)
According to a 2009 report by Sophos, a global provider of security and data protection solutions, 33% of computer users use the same password for every website they access. From LulzSec’s victim list, I can select any email address/username and password combination and try to log in at the largest banks and financial institutions.
Or, I could try to access a victim’s accounts with popular websites such as Amazon, eBay, and PayPal, where users often store their personal and financial information. Email phishing, one of the oldest tricks in the book, is still a viable tactic to lure victims into providing account numbers, passwords, PINs, and answers to security questions (information that banks never ask for through email).
For even greater efficiency, the login information may work with sites like Mint.com to narrow down the list of financial institutions to target.
And last but not least, I can log into instant messaging services and social networking sites such as Facebook and Twitter to scam family and friends of victims.
Better to Know Than to Wonder
In a recent statement celebrating their 1000th Twitter update, LulzSec argues that the potential for harm would be far greater if they hadn’t released compromised information. “What if we were silent? That would mean we would be secretly inside FBI affiliates right now, inside PBS, inside Sony… watching… abusing…”
The hacker group makes a good point that an unexposed problem is easily left untreated. Call it an unorthodox reminder, if you will, by LulzSec to maintain unique passwords for each and every single account – changing your passwords for compromised accounts alone would not suffice.
If your logins regularly consist of the same username or part of your email address, it would be wise to change the passwords for all of these accounts. And as always, keep a close eye on them.
Follow Simon on the MyBankTracker.com Community and on Twitter @simonzhen.