Monday, January 16, 2012

Zappos Hacked, Secure Your Passwords

Zappos Hacked, Secure Your Passwords

Sean Gallagher of Ars Technica reports: "Zappos gets hacked, resets customers' passwords".

On January 15, online retailer Zappos alerted customers to a security breach. In an e-mail to employees, Zappos CEO Tony Hsieh said that a hacker had compromised one of the company's servers in Kentucky. As a result, the intruder was able to gain access to internal networks. While no credit card data or passwords were exposed in the attack—both were stored in encrypted form—the attack did expose other personal information—including names, shipping and billing addresses, phone numbers, and e-mail addresses. 
Over 24 million customer accounts were affected in the breach. As a precaution, Zappos has expired all customers' passwords, and alerted customers that they should change passwords on other sites that are similar to their old one on Zappos." [Emphasis added]

Admit it... you use the same user name and password at multiple sites... Zappos includes a note to warn their users because the hackers will try the same user name and passwords on multiple sites. 

How many sites have you stored/saved personal identifying information using the same User and password combination?

Consider LastPass

Consider a Password Management Tool:
I use a tool called LastPass. It syncs across multiple platforms - I use it on Windows, Android and iPhone. It is encrypted locally and at the service. It allows the user to set a password strength for randomly generated passwords. And, because I only have to remember a single password, I feel confident to let it manage my accounts. 

LastPass is not perfect - it is clunky on my Android tablet - forcing a lot of Copy/Past operations, but it works for me.  

Bottom Line:

Personal information should never be considered safe when it is online. Using the same user name and password combination exposes you to big risks. Consider a Password Management tool, if not LastPass, then Mashable provides a survey of 5 Password Management Tools. Pick one and get more secure.


No comments:

Post a Comment