Leaked passwords and cyber security, is your website safe?

password-breach-hackers-tr8-media

Over the years there have been more and more cases where hackers have compromised a wide range of organisations and harvested the account details from them. These details usually include at least name, email and password but have also been known to include address details and debit or credit card info and paypal accounts as well as much more.

These compromised accounts are often sold on the dark web or as has become more prevelant of late – they are simply released publicly.

For the hackers out there, the value of that data from a stolen user account goes far beyond simply logging in to the compromised site.

Generally people online are not in the habit of using best practices when it comes to password management.

What do I mean by best practice?

Most people are unlikely to changes their passwords regularly or use strong passwords in the first place and generally people will reuse the same password from account to account. Therefore if a hacker gains access to one account, they may well be able to explore all of the users other accounts and then hijack them at will.

Gaining website admin access from the leaks

It seems that hackers are taking a direct approach to finding websites that utilise the username / password combinations to gain admin access. The leaks gave an email and password – the hackers are simply checking the email against the DNS records of the site and looking for potential targets.

Hackers are using brute force attacks with these username / password combinations and although on average they are only trying four times, the leaked accounts give them a much higher chance of success.

Where are the leaks coming from?

There have been numourous leaks over the years but there are now 1.4 billion records on file in a downloadable database which include historical leak data. If you want to check yourself and see if you have been party to a breach then you can visit https://haveibeenpwned.com/ where you can check your email address and view potential leaked data.

Ensuring your website is not at risk

1 – Ensure that you have strong and unique passwords on all user accounts and that these are not shared with anyone.
2 – Delete any unused accounts and admin accounts that are not in use.
3 – Change your default “admin” username to something harder to guess.
4 – Enable two-factor authentication on all admin accounts.
5 – Check to see if your email is part of the breach.
6 – Check to see if your password has been exposed in the breach.
7 – DO NOT USE THE SAME PASSWORD ON MULTIPLE ACCOUNTS.

/ Latest News, Web Design & Development / Tags: , ,

About the Author

Tim Lord

Tim Lord is the Creative Director of TR8 Media; a designer, web developer, producer, business development & marketing consultant with over 14 years experience in IT and Media Production.

Connect with Tim Lord:

Related Posts

laptop-lifestyle-business-tr8-media
Read More
Start a Lifestyle Business Online and run it successfully
2) Jing-Jin-Ji - Largest City
Read More
Cities of the near future
tr8 media wordpress security
Read More
Security tips for your WordPress Website
eu_vat_rules_change_digital_services_2015_tr8_media
Read More
VAT on digital services in the EU 2015 rule change – must read!
trait--media-blog-startups
Read More
Before Your Startup – 5 tips to Be More Successful
startup-money-trait-media
Read More
The Language of Business Startup Finance
mobile-app-development
Read More
Mobile App Development Services
TR8 Media Simple Video Editing Tips for your video or film project
Read More
Video editing tips you should consider to improve your video production

Comments

No comment yet.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.