Robert Siciliano

Loading...
    • Media Contact:
      Robert Siciliano
    • Member Type(s): Expert
    • Title:Identity Theft Expert
    • Organization:IDTheftSecurity.com
    • Area of Expertise:
    •  
    • Member:ProfNet

    To become a ProfNet premium member and receive requests from reporters looking for expert sources, click here.

    Young Kids Getting Sexually Exploited Online More Than Ever Before

    Tuesday, June 18, 2019, 10:08 AM [General]
    0 (0 Ratings)

    An alarming new study is out, and if you are a parent, you should take note…children as young as 8-years old are being sexually exploited via social media. This is a definite downturn from past research, and it seems like one thing is to blame: live streaming.

    YouTube serves up videos of kids, in clothing, that pedophiles consume and share as if it is child porn. It’s gotten so bad that YouTube has had to disable the comments sections of videos with kids in them.

    Apps like TikTok are very popular with younger kids, and they are also becoming more popular for the sexual predators who seek out those kids. These apps are difficult to moderate, and since it happens in real time, you have a situation that is almost perfectly set up for exploitation.

    Last year, a survey found that approximately 57 percent of 12-year olds and 28% of 10-year olds are accessing live-streaming content. However, legally, the nature of much of this content should not be accessed by children under the age of 13. To make matters worse, about 25 percent of these children have seen something while watching a live stream that they and their parents regretted them seeing

    Protecting Your Children

    Any child can become a victim here, but as a parent, there are some things you can do to protect your kids. First, you should ask yourself the following questions:

    • Are you posting pictures or video of your children online? Do you allow your kids to do the same? A simple video of your child by the pool has become pedophile porn.
    • Do you have some type of protection in place for your kids when they go online?
    • Have you talked to your children about the dangers of sharing passwords or account information?
    • Do your kids understand what type of behavior is appropriate when online?
    • Do you personally know, or do your kids personally know, the people they interact with online?
    • Can your kids identify questions from others that might be red flags, such as “where do you live?” “What are your parents names?” “Where do you go to school?”
    • Do your kids feel safe coming to you to talk about things that make them feel uncomfortable?

    It is also important that you, as a parent, look for red flags in your children’s behavior. Here are some of those signs:

    • Your kid gets angry if you don’t let them go online.
    • Your child become secretive about what they do online, such as hiding their phone when you walk into the room.
    • Your kid withdraws from friends or family to spend time online.

    It might sound like the perfect solution is to “turn off the internet” at home, but remember, your kids can access the internet in other ways, including at school and at the homes of their friends. It would be great to build a wall around your kids to keep them safe, but that’s not practical, nor is it in their best interest. Instead, talk to your child about online safety and make sure the entire family understands the dangers that are out there.

    Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

    Are Password Managers as Safe as You Think They Are?

    Thursday, June 13, 2019, 12:13 PM [General]
    0 (0 Ratings)

    You have probably heard of password managers, and you probably think they are pretty safe, right? Well, there is new research out there that may might make you think twice, especially if you use password managers like KeePass, 1Password, Lastpass, or Dashlane. Frankly, I’m not worried about it, but read on.

    Specifically, this study looked at the instances of passwords leaking from a host compute or focused on if these password managers were accidently leaving passwords in the computer’s memory.

    What was found was that all of the password managers that were looked at did a good job at keeping these passwords secure when in a state where it was “not running.” This means that a hacker would not be able to force the program into giving away the user’s passwords. However, it was also noted that though each password manager that was tested attempted to scrub these passwords from the memory of the computer, it wasn’t always successful…meaning, your passwords could still be in the memory.

    Some of these programs, like 1Password, seemed to have left the master password, but also the secret key for the program. This could possibly allow a hacker to access the info in this program. But, it’s important to note that these programs are trying to remove this information, but due to various situational issues, it’s not always possible.

    Another program, LastPass, was also examined, and it, too, caused some concern amongst researchers. Basically, the program scrambles the passwords when the user is typing them in, but they are decrypted into the computer’s memory. Additionally, even when the software is locked, the passwords are still sitting in the memory just waiting for someone to extract it.

    KeePass, which is yet another password manager, was also looked at here. In this case, it removes the master password from the computer’s memory, and it is not able to be recovered. However, other credentials that were stored in KeePass were able to be accessed, which is also problematic.

    Should you be worried about this? Well, it depends on your personal thought process. Some people probably won’t care too much, and others won’t be affected because they don’t use password managers that have these issues. Since the researchers pointed out these issues each password manager has done their own updates and corrected any issues. The real vulnerability isn’t the security of the password managers but the security of the devices, their users and if the users are deploying the same password across multiple accounts.  Using the same password over and over is the risk here. So get a password manager so you can have a different password everywhere.

    Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

    Anyone Can Scam You, Even Your Folks

    Tuesday, June 11, 2019, 8:31 AM [General]
    0 (0 Ratings)

    You might feel pretty safe with your parents, but more and more stories are coming out about scammer parents—especially when it comes to getting into college.

    By now, we have all heard of the famous faces who have gotten caught up in the college admission scandal, but they are not the only ones. Other families are also involved in the scandal, including a wealthy Chinese family who paid $6.5 million in 2017 to get their daughter admitted to Stanford. They did not pay the school, of course, but they did pay college consultant Rick Singer, who is at the center of the college admission scandal.

    The Los Angeles Times broke this story, and it is unknown, at this time, if the family knew that they were doing something wrong. Neither the family nor the student, who all live in Beijing, have been charged with any crimes. Stanford has released a statement to say that it has not received any money from the student’s family (or from Singer), and it was not even aware of any of this until the Times’s story was published.

    Other families associated with the college admission scandal are starting to get their days in court, including Bruce and Davina Isackson, who pleaded guilty in a Boston federal court for their involvement in the scam. They were the first to plead guilty and also the first who have said that they will fully cooperate with the investigators and testify against the other parents who are accused in the scandal.

    The Isacksons are accused of paying $600,000 to ensure that their daughters were admitted into the University of California, Los Angeles and the University of Southern California. The money was paid to admit both of the girls to the schools as fake athletic recruits, and it was used to pay Singer to rig the entrance exam score for one of them.

    The couple did release a statement through their attorney. They expressed their regrets for their actions and stated, “Our duty as parents was to set a good example for our children, and instead we have harmed and embarrassed them by our misguided decisions.”

    There are many parents involved in this scam, including 12 parents who have already agreed to plead guilty. This includes actress Felicity Huffman.

    Other parents are fighting the charges, and they could be in for a rough road; the parents and coaches who are helping the investigators are full of information, and it could harm any efforts of those whom have pleaded not-guilty.

    Since the scandal has hit, even former coaches are stepping up, including those at USC and the University of Texas at Austin. This also indicates that there could be more indictments coming soon.

    Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

    Facebook Wants my Social Security Number!

    Thursday, June 6, 2019, 12:01 PM [General]
    0 (0 Ratings)

    WTH Facebook? Generally, I don’t have a problem giving out my SSN. That might seem contrary to the advice I give, but frankly, our SSNs are everywhere and if my insurance company needs it, I’ll generally just question them on it, maybe resist a bit, and if they insist, and I need that insurance policy, I’ll cough it up.

    My identity in regards to “new account fraud” is protected via a credit freeze and I also have identity theft protection in place. So between the two, I’m pretty locked down. This is the advice I give everyone. So I’m generally not alarmed or concerned when asked for my SSN.

    BUT, today friggin Facebook asked for it and of all the company’s or government agency’s on the planet to ask for this level of personal identifying sensitive information, Facebook is the world’s single most notorious abuser of privacy in the history of the world.

    There have been countless breaches and privacy issues with Facebook and this is so over the top I can’t even believe they have the nuts to ask for a copy of my Social Security card.

    Here’s how it played out….An email came in from Facebook subject line “Your sales are on hold” with the message:

    Hi Robert Siciliano: Security Awareness Fraud & Personal Security Expert,

    When Robert Siciliano: Security Awareness Fraud & Personal Security Expert’s shop was set up, Robert Siciliano’s information was entered. To help keep Facebook secure, we need to confirm the identity of people representing a business on Facebook or Instagram.

    Your sales have been temporarily put on hold until we can confirm Robert’s information. This is a standard process and should only take a few minutes to complete.

    Once you confirm Robert’s information, you’ll be able to receive payments again.

    Thanks,
    The Facebook Team

    WTH?!! OK, sure. So I sell my books on my Facebook page and e-commerce is involved. There’s a tax thing going on here. But they aren’t asking for my EIN or are engaging me in a formal process to vet my viability as a tax payer. They are asking for a copy of my SSN in the form of a scan to “verify” me!

    I clicked a link on Facebook to see where this debacle would take me and see here:

    So I clicked “Contact Us” to voice my frustration and my response was:

    And I’ll repeat: “Screw off. I’m not sending Facebook a copy of my SSN card. WTH is wrong with you? What are my other options?

    Stay tuned for how this BS turns out.

    To be continued. Robert.

    Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

    Robert Siciliano on FOX Nation

    Wednesday, June 5, 2019, 9:06 AM [General]
    0 (0 Ratings)

    I recently had the opportunity to join a panel discussion on FOX Nation. We talked about the grid, and how cyber threats could be the next medium for global warfare. I was able to share opinions with fellow experts on privacy, information security and cybersecurity. Please watch and learn why it is so important to take control of your own security, and ultimately your life.

    Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

    Beware of Conference Invitation Scams

    Thursday, May 30, 2019, 2:12 PM [General]
    0 (0 Ratings)

    Conference invitation scams are those that involve a scammer sending invitations out to events with the intention of scamming the invitees. These might be real events or fake events, and the scammers target people including business professionals, lecturers, CEOs, researchers, philanthropists, and more. The goal here is to steal the identities of these people, and eventually get money by taking advantage of their victims.

    Spotting a Scam

    There are usually some pretty clear signs that you could be dealing with a scam involving a conference invitation. Here are some things to look for:

    • The invitation has typos or bad grammar
    • The invitation seems very random or out of no where
    • The conference name sounds like a conference you might be family with, such as Tech Crunch, but it’s spelled differently, like TekCrunch
    • The invitation asks that you pay a premium price to attend, which includes accommodation and transportation
    • Payment options don’t include credit cards
    • The invitation is overly flattering
    • There is a sense of urgency pushing you to send personal information
    • The greeting on the invitation is questionable, i.e. “Salutations.”
    • The invitation asks for sensitive information in return for “covering” your conference cost, accommodations, and transportation.
    • The conference is held in a different country, i.e. Asia or the Middle East
    • The landing page doesn’t have a physical address or landline number
    • The invitation sounds too good to be true

    How Do These Scams Work?

    In general, the scammer begins the scam by sending an email to a target victim and invited them to attend or speak at a conference. The scammer usually uses the victim’s social media pages to get information about them, which helps them to create a more personalized email.

    The victim is told to register for the conference, which involves giving personal information. Additionally, they could be asked to pay a fee to attend, which could be over $1,000, depending on how long the conference is said to last. Usually, this is where the sense of urgency comes into play, as the scammer will say the conference is filling up or they need to know if they can count on the victim to speak. If not, of course, they must find another speaker, so the victim must confirm as soon as possible.

    If the targeted victim complies with this and sends their information, the scammer may have enough information to steal the victim’s identity. Additionally, the scammer can use the name of the victim to promote the conference, especially if it is someone well-known in the industry.

    If the victim goes through with all of this, they will quickly find out that they have been scammed. A scammer might also try scamming people who are actually going to a legitimate conference. They claim that they are part of the organization running the conference, and they need information and to collect fees. Of course, since the victim already signed up for the conference, it is easy to believe this scam without giving it a second thought.

    Protecting Yourself from Invitation Scams

    Here are some tips and tricks that you can use to protect yourself from these types of scams:

    • If you get an email similar to ones described here, don’t respond.
    • You should investigate any invitation that you are not sure of.
    • Do not agree to send money, and only pay with a credit card.
    • Don’t agree to give any personal information; a conference organizer doesn’t need to know your Social Security Number
    • Research the event and try to match up the information that you were given in the invitation email.
    • Copy and paste some of the email into Google to see if others have reported that this is a scam.

    What to Do if You are a Victim If you have become a victim of a conference invitation scam, there are steps you should take immediately. First, get in touch with your financial institutions, like banks and credit card companies, and make them aware of this. Next, you should contact the location police and authorities in the area where the conference is allegedly supposed to be held. You should also get in touch with the Better Business Bureau about the company, and you can report the scam online via the BBB’s Scam Tracker or the Federal Trade Commission’s Online Complaint Assistant. Finally, you can also report the scam to the FBI through its Internet Crime Complaint Center.

    Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

    Who Has Access to Your Personal Info? The Answer Might Surprise You

    Thursday, May 30, 2019, 2:10 PM [General]
    0 (0 Ratings)

    Are you aware that many people probably have access to your personal info? If you have ever gotten an apartment, have insurance, or applied for a job, someone has done a background check on you, and you might be shocked by what’s in there, including your debts, income, loan payments, and more. On top of this, there are also companies collecting information on you including:

    • Lenders
    • Employers
    • Government agencies
    • Volunteer organizations
    • Landlords
    • Banks/credit unions
    • Insurance companies
    • Debt collectors
    • Utility companies…and more

    Thanks to the Fair Credit Reporting Act (FCRA), you can get a copy of these reports every year for a small fee, and they are free if there has been any type of adverse action against you. You can also get this information from certain organizations including the following:

    Credit Agencies

    Most people know the main credit reporting bureaus, Experian, TransUnion, and Equifax. The reports that these companies give you can include your loan and credit card payment history, how much credit you have, info from debt collectors, and other information.

    Employment Screening

    If you have applied for a job, you might have gone through employee screening. These employers have access to things like your salary history, credit history, education, and even criminal history.

    Housing/Tenant Screening

    If you have ever rented an apartment or home, your landlord might have done a background check, too. This might include prior evictions and other negative information.

    Banking and Check Screening

    Your bank also might have information on you, which could include your banking history, such as negative balances on your checking account or unpaid bills.

    Medical Insurance

    Finally, if you have medical insurance, your insurance company has probably also done a background check on you. These policies include life insurance, health insurance, long-term care insurance, critical illness insurance, or disability insurance.

    Lifehacker and the Consumer Financial Protection Bureau’s 2019 report compiled a pretty amazing list below. Check it out.

    The nice thing about these things, however, is that you have a right to access all of these reports, too. In most cases, these reports are free. You can ask these organizations what background check companies they are using, and then you might be able to request a free report. Again, if there is any negative information on these reports that cause you to, for instance, not be hired by an employer, you will automatically get a free copy of this report so you can see the derogatory information for yourself, and then take any steps you can to change it.

    Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

    WARNING: You or Your Members Could be Targets of List Scams

    Friday, May 24, 2019, 9:04 AM [General]
    0 (0 Ratings)

    There are scammers out there targeting conference exhibitors and attendee. What are they looking for? Credit card numbers, money wires and personal information that they can use to steal identities. One of the ways that scammers get this information is by using invitation or list scams. Basically, if you are registered for a conference, speaking at a conference, a conference vendor or just “in the business”, you might get an email…or several emails…that invite you to a conference or offer to sell you a list of attendees, and their contact information, which may be beneficial to you…but is it too good to be true? Definitely.

    These Lists are Lies

    Along with conference invitation scams, many associations are targets of list scams. A quick search of “Attendee List Sales Scam” pulls up numerous associations whose members and anyone interested in marketing to these members are being targeted by criminals to purchase non-existent lists.

    Though it might sound great to get a list of all attendees of a conference, including their contact information, you might be surprised to know that these lists are lies. On top of that, getting this information might not even be legal.

    Think about it for a second. When you signed up for a conference, did you choose to opt-in to have your personal information shared with others? Probably not, and that also means that most of the other attendees did not do this either.

    To find out if the list is possibly legit, take a look at the show’s policies. Do they give information to third parties? Do they rent or sell lists of attendees? Is the name of the company that contacted you on the list of their third-party vendors? If this checks out, the list could be legitimate. If not, it’s probably a lie.

    If you think you are dealing with a liar, the first thing you should do is plug the company that contacted you into the Better Business Bureau’s website. If it is a scam, you should certainly see information proving that. If not, but you aren’t interested, just unsubscribe. If you think that you are dealing with a scammer, don’t reply or even unsubscribe. Instead, just delete the email and don’t take any action. Many of these scammers are simply looking for active email addresses.

    More Conference Invitation Scams

    Another scam involves telling attendees about exhibitors that don’t even exist. This can push you into wanting to sign up for the conference, but in reality, the conference, itself, might not even exist, and in this case, you could just be giving your hard-earned money to a scammer.

    So, if you find yourself in this situation, the first thing you want to do is research. One step is to look up the person who contacted you online, such as on LinkedIn, and see if they are who they say they are. Another thing to do is to contact the conference venue and ask if the event is being held there. You can also check the contract for refund or cancellation information. You also should do some research about the reputation of the contactor company. Finally, always make sure that you pay for any conference with a credit card. This way, with zero liability policy’s, you can get your money back, and every legitimate conference company is happy to accept credit cards.

    But Wait…There’s More

    Another scam associated with trade shows and conferences is to contact attendees about hotel reservations, but once you pay…it’s all a scam. Usually, these scammers will contact the attendees and say that they represent the hotel for the conference. They will tell you that rates are significantly rising or that it is sold out, so you must act immediately…however, they will say that they need the full amount up front.

    When in doubt about this type of scam, you should always contact the trade show organizers yourself, and then ask who the booking rep is. You should also give them the name of the company that you believe is scamming you so they can advise others of the scam.

    Know Your Options

    • It is very important when you are signed up to present or attend a conference that you only engage with the company that is running the conference
    • If in doubt, confirm with the company that the offers from third-party claims are correct.
    • You can also get an official exhibitor list of official vendors.
    • Keep in mind that these legitimate companies might have your personal information, but they would not release your personal contact information with third-parties.
    • Some exhibitors might get the mailing address of attendees, which you can opt out of. Most of this is harmless, of course, but that doesn’t mean that all of these lists are.

    Wi-Fi Hacks

    Finally, you want to watch out for wi-fi hacking. This is a common scam for conference goers. When you attend a conference or trade show, you probably just expect that you will get free wi-fi, right? This allows you to take care of business and ensure that your booth runs smoothly. Hackers know this, of course, so they set up nearby and create fake networks. Once you connect to these networks, they can come into your device, take your information, and even watch everything you are doing online.

    Keep in mind that these fake networks look remarkably similar to the legitimate networks set up by the conference. So, always double check before connecting, and if you are ever in doubt, make sure to ask one of the conference or trade show organizers. They can confirm that you are on the right network. There are always going to be scammers out there, especially when you are attending a trade show or conference. There are just too many opportunities for scams, and they can’t say no. Fortunately, by following the advice above and by reporting any suspicious activity, you can not only make sure that you, yourself aren’t falling for these scams, but also help others to not fall for this type of nefarious scheme.

    Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

    How to Protect Your identity When Buying or Selling a Home

    Friday, May 24, 2019, 8:55 AM [General]
    0 (0 Ratings)

    If you are in the process of buying or selling a home, at some point, you are going to have to disclose personal information when you go through the process. Because of this, a home buyer, especially, is much more likely to become a victim of identity theft.

    Here are some ways to protect your identity when buying or selling a new home:

    Ask if Communication is Secure

    One thing to do is to make sure your mortgage and real estate professionals are using secure electronic communications. If they can’t articulate their security, such as they use two step verification, etc, then they aren’t generally secure. Otherwise, you should drop documents off in person.

    Ask How Personal Info is Handled

    Another thing to do is ask your lender how they will handle your personal info after the loan is complete. Are documents able to be stored securely? Will they be shredded when no longer needed?

    Ask About Security Policies

    You should also ask about the security policies of your lender and/or real estate professional. If they don’t have a security policy, they aren’t secure.

    Get a Referral

    Ask people you know for referrals for mortgage and real estate professionals. Verify that their licenses are current. Do business with those who others know, like and trust.

    Choose a Real Estate Team That You Trust

    Buying a new home takes a full team on both the sides of the buyer and the seller. So, you have to make sure that you trust them and that all of their credentials are up to date. You should also do your best to read reviews online.

    Be Aware of Frauds

    Fraudsters are always out there, and they take advantage of people looking to buy a home. For example, according to investigators, a California woman would offer to buy a home on behalf of the buyer because the buyer was under funded or an illegal immigrant. After the buyer provided the deposit, she would never be heard from again.So keep your eyes open as you go through the process.

    Recognize Money Wire Scams

    When looking at the home buying process, a report by the FBI’s Internet Crime Complaint Center said email fraud involving real estate transactions rose 1,110 percent in the years 2015 to 2017 and fraud dollars lost rose almost 2,200 percent.

    Nearly 10,000 people reported being victims of this kind of fraud in When looking at the home buying process, a report by the FBI’s Internet Crime Complaint Center said email fraud involving real estate transactions rose 1,110 percent in the years 2015 to 2017 and fraud dollars lost rose almost 2,200 percent.

    Nearly 10,000 people reported being victims of this kind of fraud in 2017 with losses over $56 million, the FBI report said. Real estate is only now tightening its belt and fighting back., the FBI report said. Real estate is only now tightening its belt and fighting back. The moment a wire transfer is requested via email, tell your agent or broker you want to meet them at the office to discuss. End of story.

    Be Cautious on the Internet

    During this process, you will be filling out a lot of forms and giving out a lot of your personal information. So, to help prevent any identity theft, you should only use a secure device on a secure network. You also have to make sure that you are using strong, varied passwords, and if you have to print out copies of documents, you should hide any account numbers or Social Security numbers.

    Use Credit Monitoring or ID Theft Protection

    When making a large purchase like a new home, you should make sure to have real time credit monitoring and identity theft protection.

    Freeze or Lock Your Credit Until Making an Offer

    You also might want to consider freezing or locking your credit until you are required to have your credit checked. Both options prevent a creditor from accessing your credit report, which stops a criminal from opening a new account.

    Credit locks are available from consumer credit bureaus for a small fee, and you can lock or unlock your credit whenever you want. A credit freeze is free but slightly cumbersome. Go free and learn it.

    Get a Copy of Your Credit Report

    It’s also a good idea to get a credit report if you are going to finance a home. Checking this report will give you a good idea of what you can afford each month, and it will allow you to see if there are any mistakes or unusual behavior on the reports.

    Stay Safe During the Closing Process Finally, remember that fraudsters are always out there, especially when people are using large sums of money. The Federal Trade Commission estimates that people lost about $1.48 billion to fraud last year, alone. So, it’s imperative that you keep yourself safe by avoiding things like phishing schemes, and if something sounds too good to be true, it probably is.

    Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

    The "Mother of All Data Breaches?" It Could Be Here…

    Friday, May 17, 2019, 9:56 AM [General]
    0 (0 Ratings)

    You have probably heard of one data breach after another these days, but this is one that you should really pay attention to: more than 772 million unique emails, along with more than 21 million unique passwords, have been exposed.

    Troy Hunt, who runs the website “Have I Been Pwned,” first reported this breach, and he says that a huge file (87 GB) was uploaded to MEGA, a cloud service. This data was then sent to a popular hacking site, and now hackers have access to all of these passwords and email addresses.

    This data breach, known as “Collection #1,” is very serious. However, it could just be the tip of the iceberg. There are claims that there are several more “collections” out there, and it could be as much as one full terabyte worth of data. This could be the newest “mother of all data breaches” if this is found to be true.

    So, what does all of this mean for you? It not only means that your information could be part of this breach, but it also could mean that these password and email combinations could be used in a practice known as “credential stuffing.” What is this? It’s when a hacker uses known email and password combinations to hack into accounts. Basically, this could have an impact on anyone who has used an email/password combination on more than one site.

    This, of course, is concerning because this particular breach has about 2.7 billion email/password combinations. On top of that, around 140 million of the emails, and 10 million of the passwords, were brand new to the hacking database, which gives the hackers even more ammunition to wreak havoc. The big lesson to be learned here is that you should always use good security practices when you create accounts online. You should never use passwords from one account to another, and you should definitely use two-factor authentication if it is available. If you don’t have a password manager, you might want to set that up, too.

    Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.


    Page 1 of 31  •  1 2 3 4 5 6 ... 31 Next

Blog Categories