Scam of the day – September 12, 2016 – Four year old data breach revealed

It was recently disclosed that Brazzers, a porn website had been hacked four years ago.   Personal information of users of its forum in which subscribers communicated about porn movies was stolen and is now available on the Internet.  The information stolen included not only user names, email addresses and passwords, but also the substance of their  conversations in the forum, which could be embarrassing to Brazzer subscribers if the information became public leading to concerns about blackmail by cybercriminals with access to this information.  This data breach is reminiscent of the data breach at Ashley Madison, which proved to be extremely embarrassing to customers of that website that dealt with extra-marital affairs.  Of course, any data breach in which user names, email addresses and passwords are compromised poses a threat to the victims of the data breach who can be more seriously victimized by cybercriminals using that information to advance spear phishing schemes targeting the victims and luring them to click on links that will download keystroke logging malware that will steal personal information from the victim’s computer, smartphone or other electronic device and use that information to make the person a victim of identity theft.  In addition, many people use the same password for all of their accounts and once their password at one website becomes known, it can lead to attacks at other places such as online banking.

TIPS

The website Have I Been Pwned https://haveibeenpwned.com/ is a good place to go to find out if you have been victimized in a data breach.  This website gathers information about data breaches and you can put in your email address to find out if you have been a victim of any data breaches such as Brazzers where information is being circulated on the Internet.  It is also important to use a distinct and unique password for each of your online accounts so if you do become a victim of a data breach at one account, the security of your other accounts are not threatened.  Finally, for people who go to websites that they would prefer no one to know about, they should consider using a different user name and separate email address from their usual use name and email address.

Scam of the day – December 28, 2014 – Hackers release personal information of 13,000 people

Yesterday a group of hackers posted personal information including usernames, passwords and credit card information of 13,000 people on its Twitter account @AnonymousGlobo.  The hackers indicated that they had stolen the information from a large number of popular websites that they listed.  Among the websites listed by the hackers were Amazon, Walmart, PlayStation Network, Xbox Live and a large number of popular pornography sites including Brazzers.  The hackers later wrote “We did it for the Lulz” which is slang for doing it just for their own personal enjoyment and satisfaction.  While we do that much personal information was made public and thus putting the victims in danger of identity theft, we do not know if, indeed, the hackers actually did, as they stated, steal the information by hacking into the particular websites they stated or, alternatively, if they used phishing emails to their thousands of victims luring them to click on links in the emails and download keystroke logging malware that provided through which the victims’ own computers supplied the information to the hackers.  Either alternative is a source for concern.

TIPS

There are a number of lessons to be learned from this hacking.  One is to never leave your credit card information on file with an online retailer with which you do business for the sake of convenience.  It may save you a few seconds the next time you make a purchase with the particular retailer, but it also makes your credit card information vulnerable in the event that the retailer is hacked.  A second lesson is to use different usernames and passwords for each of your online accounts because if you do, as many people do, use the same username and password for all of your online accounts, in the event of a data breach at one company with which you do business, the hackers would be able to get your user name and password for all of your accounts, thereby putting you in greater jeopardy of serious identity theft.  Finally, it is important never to click on links in emails or text messages unless you are absolutely sure that the communication is legitimate and you have confirmed that fact.  Identity thieves are adept at tricking people into clicking on links that contain malware by making the communications look legitimate or even by hijacking the email account of someone you trust.