2 million Facebook, Gmail and Twitter passwords stolen in massive hack


#1

Hackers have stolen usernames and passwords for nearly two million accounts at Facebook, Google, Twitter, Yahoo and others, according to a report released this week.

money.cnn.com/2013/12/04/technology/security/passwords-stolen/

If you have a Facebook, Google, Twitter, Yahoo, LinkedIn, or any other account mentioned in the article, make sure that you change your password.


#2

The article claims that all the service providers have been notified of the compromised accounts and reset all of their passwords, so if yours was on the list you will find out soon enough.

But before you change all your passwords you should take the very important step of doing a complete and thorough virus and malware scan of your system. Because the compromise was via local keylogger, any attempt to change your passwords is going to feed them right back to the hackers unless you remove the virus from your system first before taking any other actions.


#3

And I believe most of the passwords were terribly generic, a.k.a., easy to guess.
Don’t make ’em easy!


#4

Anyone dumb enough to use “password” or “12345” as their password, kinda deserves what they get.


#5

Password strength is 100% irrelevant to a keylogger.

Reusable passwords are horribly outdated, ancient, insecure technology that should have been abolished a long time ago before the Internet was commercialized and privatized and became a “Wild Wild West” with viruses, malware, keyloggers, and ubiquitous network sniffing devices.

What would have solved this problem and made it a non-issue would have been two-factor authentication. I believe that Google makes this available to its users but Google is a pioneer in this field. Precious few other popular sites offer two-factor authentication. I suggest, if you have any interest in the security of your accounts, that you inquire after using this enhanced security method, particularly in sensitive areas such as your online banking. If more people asked, nay, demanded more account security, then perhaps it would be offered more widely.


#6

:eek: Oh not-so-good-word. I found keylogging trackware on my computer a few weeks back, wondering where it had come from, especially since it wouldn’t let me do anything I was able to do the previous night. I accused my Mom of downloading it to “track” what I do on the computer, after she had used my computer the night before I found it. I’d better go ahead and apologize, because this is seriously not good.


#7

Excellent advice. As is clearing out your PC before resetting your passwords. And don’t make them all the same! Especially not the password to your online banking and similar accounts!!


#8

Incidents like this are precisely why I never put sensitive personal info online…anywhere. It kind of amazes me something like this needs to even be told to people…DUH!

The most sensitive thing I have put online is my cell number. There are some things people should know better than to put online.


#9

Do people with Macs or iPods need to check for malware or is that just for PCs? I have to put in a password on the Mac before I can install software.

Thanks!!!


#10

I’m pretty sure viruses and malware etc. could wind up on a Mac too, although I am not a Mac user so I can’t guarantee. Always pays to have an anti-virus, anti-spyware etc. on any PC, Mac and run regular checks as hackers are developing malicious programs faster than we can detect and remove them! :mad: :sad_yes:

I use my iPad for most things, except for banking which I do via a Linux operating system as Linux is supposed to be more secure than Windows operating systems.

I only just deleted my Facebook account about 2 weeks ago and I deleted my Twitter account years ago, so I should hopefully be ok. Although I do have a Gmail, might go change my password now just to be sure.


#11

You mean like in Spaceballs?


#12

This bothers me since increasingly our only option for handling our business, like banking and paying bills, is online. I hope internet security can keep up with the thieves.

It does not, however, bother my son, who just shrugs off my concerns. Must be a generational thing. People used to steal the mail too, but not 2 million letters at a time!


#13

Security technology keeps up, but organizations are unwilling to implement more security because it almost always spells reduced convenience. It is well-known that security/convenience are tradeoffs. You cannot often have both at once. So your bank, in order to make it convenient for you to log in, gives everyone reusable passwords, even though their IT professionals would never log into their intranet servers over an unencrypted connection without two-factor authentication and all the trappings. You see, their own internal data is more important to them than your money as a consumer. It’s a sad fact of life. It doesn’t seem that people learn from massive hack attacks like this. They should be learning that reusable passwords are passé, and if they only knew there was something better out there, they would be demanding it.

I have a friend who works at Valve Software, you know, the guys who make the Steam MMOG client? It is often said among my friends that Steam has better user account security than most banks. Steam offers two-factor auth. They have for a long time. They realize that gamers are serious power users, and they recognize that often gamers invest a lot in their electronic assets. So they properly protect them and give their audience the extra security necessary to do it. There are a lot more companies that should be following this lead, but are not. It’s quite sad for me to see.


#14

That son of mine was all into playing Counterstrike, so he is familiar with the Steam client you mentioned (I had to ask him what it was). His theory is that, so far, banks assume the liability for their clients if they are hacked, so he does not worry.


#15

Thank you very much :slight_smile:



#16

It’s a shame that useful tools are constantly being attacked by criminals, either for personal gain or because they have too much time on their hands.


#17

DISCLAIMER: The views and opinions expressed in these forums do not necessarily reflect those of Catholic Answers. For official apologetics resources please visit www.catholic.com.