Consumers advised to change passwords after latest data breach


TIPS TO PROTECT YOUR IDENTITY

  • Change your passwords often.
  • Don't store passwords or account username reminders on smartphones or computers. This personal information could be compromised by a computer virus.
  • Beware of possible scams related to the breach. For example, watch out for email or text messages that instruct you to click on a link to "change your password." Some scammers may use the announcement as a ploy to get you to click on malicious links.

  • Monitor your financial accounts, email accounts, and mail for signs of identity theft, such as unexpected bills or credit report errors.

Source: Ohio Attorney General’s Office

PASSWORD TIPS FROM AN EXPERT

Chris Hart, operational risk director and customer information security officer for Cincinnati-based First Financial Bank, offers these tips for creating secure passwords for online accounts:

  • Use different passwords for sensitive websites — for example, using a different password for email and bank accounts
  • Don't use a dictionary word
  • Don't use personal references — such as a pet name or birthday date
  • Create a complex mix of upper and lower letters, numbers and symbols
  • Passwords should contain 10 characters or more
  • Rather than using a word, pick a phrase and modify it by abbreviating words, and replacing letters with numbers and symbols. For example: The phrase 'I love to go for a walk at night' becomes the password: 1L2go4awatPM!

Everyone should consider updating important online passwords, a local cybersecurity expert said, following more reports of stolen personal data, this time an estimated 1.2 billion user names and passwords from a gang of Russian hackers.

The New York Times reported Tuesday that Russian hackers obtained 500 million email addresses in addition to passwords, gathered from 420,000 websites, a breach discovered by Milwaukee, Wisc., firm Hold Security. Affected websites have not been named, but it’s being considered the largest known collection of stolen Internet credentials.

Local financial institutions advised customers to change their passwords after news of the Russian cyber attack. Consumers should change their passwords often and stay vigilant about monitoring their bank accounts, said Chris Hart, operational risk director and customer information security officer for Cincinnati-based First Financial Bank.

“What’s important and what’s prompting so much concern with this latest notice of (the) 1.2 billion user name and password compromise is people are using the same password at multiple websites,” Hart said.

“Due to the volume of the data stolen you should assume your personal information has been compromised,” he said.

Tuesday’s news added to a slew of data breaches that have recently occurred at other major U.S. corporations.

P.F. Chang’s China Bistro confirmed this week that data may have been stolen from certain credit and debit cards used at 33 of its restaurants nationwide, including one in Dayton. The company said its other local locations, including West Chester and Cincinnati, were not affected by the data breach.

Meanwhile retailer Target Corp. is still struggling to win back its shoppers’ trust after hackers believed to be attacking from Eastern Europe stole 40 million credit card numbers and 70 million addresses, phone numbers and other personal information during last winter’s busy holiday shopping season.

Data breaches have occurred at other major U.S. corporations recently, including Neiman Marcus, Sally Beauty Holdings Inc. and Michaels Stores Inc.

Ohio-based entities, mostly companies, since 2005 have suffered 157 breaches of at least 6 million records collected on individuals, according to data collected by the Privacy Rights Clearinghouse, a California nonprofit researching privacy issues. Each breach involved at least 10 records.

Nationwide, there have been at least 4,412 breaches involving more than a billion records, also since 2005, according to the clearinghouse database.

“We’re in a time of technology where these types of hacks are hard to prevent and it’s the new normal,” Hart said.

“Ultimately the reason that we’re seeing it is it’s a way to make money. It’s all about money,” he said.

Online data thieves will sell the information or get paid to deliver spam messages, he said.

It’s important to use unique passwords for websites, “so if one of them is compromised, they’re not all compromised,” Hart said.

Technological advances and an increasing amount of information stored electronically, on computers and mobile phones, are contributing to a greater frequency of digital attacks, said Richard Harknett, professor of political science and chair of the political science department for the University of Cincinnati.

Harknett is also a governor-appointed member of a state Cybersecurity, Education and Economic Development Council.

“When these breaches occur, we sort of report of them and what you need to do individually to protect yourself. The issue of botnets is if you’re not protecting yourself, you’re increasing the danger for everybody else,” Harknett said.

The data breach uncovered by Hold Security was a type of botnet; think of it as a digital army of computers controlled by a centralized user, Harknett said. Compared to a lone hacker armed with a single laptop, a botnet can control 10,000 computers or more, all running code to break passwords. And all without the computer’s owner knowing, Harknett said.

The computing power of 10,000 machines running malicious code means the hacker can increase the number of targets, break passwords faster and steal more information, Harknett said.

“The defense is always playing catch-up,” he said.

In addition to stronger passwords, be careful about which websites you click on.

Even if it’s coming from a trusted site, a forwarded email could contain a virus or malware, he said.

One warning sign: an email from a person that didn’t originate the file, such as a picture. Be careful of messages that sound too good to be true. Banks and governments will not ask for credentials online or in text messages.

“I think we do have to expect this until we start demanding as consumers more secure platforms and that’s going to require a tradeoff because more security is less convenient, but it’s also more secure,” Harknett said.

The Associated Press and Staff Writer Ken McCall contributed to this report.
