Yahoo and stolen passwords, here's what to do

Yahoo's culpable delay in communicating the theft immediately alarmed many users of the American company's services, and it touches on general information security for those who use the Internet.

The theft of passwords and other data of users registered on Yahoo happened two years ago. In August of this year, the hacker responsible announced on the deep web (that part of the Internet that is not indexed, untraceable and navigable only through systems unfamiliar to the average user) that he had put up for sale the data of as many as 200 million Yahoo users for the price of 3 Bitcoins (about 1,600 euros).

However, the staff of the American company informed its users of the theft only in recent days, stating that the number of potentially hackable accounts has risen to 500 million, and that is an underestimate. It is probably the largest data theft ever revealed in the history of computing. The blame for the delay is serious, especially since Yahoo is now trying to claim that the action against it was encouraged by some anti-American government.

Beyond the actual responsibilities, the hackers' loot is invaluable not so much for the passwords themselves as because of the bad habits of the average user. The package of data collected includes names, e-mail addresses, telephone numbers, dates of birth, and the "secret" questions and answers used to recover encrypted passwords. This means that it is possible, with a high probability of success, to try to recover other information by exploiting what has been acquired, even extending the field to other portals, other sites and other services. Those who take a superficial approach to the Net, in fact, most of the time use simple passwords that are easy to remember, and use the same credentials for almost all of the sites and online services on which they are registered.

To run for cover, in reality, it is enough to apply the few rules that are useful in these cases, namely:

- Change your password and use one that is long and complex, and different from those used elsewhere. Also change every password that can be traced back to the Yahoo one, even when it is not identical. A "complex" password is a string like this: @#de23i4i5k.!"009, a sequence of characters that is as difficult to guess as it is to remember. A good suggestion, to avoid forgetting it, is to use tricks aimed at logical memorization, for example the initials of a nursery rhyme, such as “plmfmeimnfm” (from the Italian "Perché La Mucca Fa Mu E Il Merlo Non Fa Me", "Why the cow goes moo and the blackbird doesn't go meh"), or the substitution of letters with numbers (1 for I, 3 for E, 5 for S and so on).

- Enable two-step verification where permitted. It is a combination of identification via PC and an additional security code, sent to your mobile phone, that you must always enter online.
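The first rule asks you to change every password that can be traced back to the breached one, not only identical copies. The following is an added example, not part of the original article: a small local check that compares a breached password against your own list of site passwords, undoing the letter-for-number swaps mentioned above and ignoring trailing digits and punctuation. The function names, the similarity threshold, the extra swaps beyond 1, 3 and 5, and the sample passwords are all assumptions constructed for illustration.

```python
import difflib

# Swaps named in the article (1 for I, 3 for E, 5 for S); the others are assumed common ones.
LEET = str.maketrans({"1": "i", "3": "e", "5": "s", "0": "o", "4": "a", "@": "a", "$": "s"})
TRAILING = "0123456789!.?#*-_"  # typical suffixes appended to a reused base word


def normalize(password):
    """Reduce a password to its base word: drop suffixes, lower-case, undo swaps."""
    core = password.rstrip(TRAILING) or password  # keep all-digit passwords intact
    return core.lower().translate(LEET)


def classify(breached, other, threshold=0.8):
    """Return how closely `other` can be traced back to the breached password."""
    if other == breached:
        return "identical"
    a, b = normalize(breached), normalize(other)
    if a == b:
        return "derived"  # same base word behind swaps or a different suffix
    ratio = difflib.SequenceMatcher(None, a, b).ratio()
    return "similar" if ratio >= threshold else "unrelated"


def audit(breached, vault):
    """Map each site whose password must be changed to the reason why."""
    findings = {}
    for site, password in vault.items():
        verdict = classify(breached, password)
        if verdict != "unrelated":
            findings[site] = verdict
    return findings


# Constructed sample data: none of these are real credentials.
BREACHED = "Sunflower2014"
VAULT = {
    "mail.example": "Sunflower2014",
    "shop.example": "5unfl0w3r!",
    "forum.example": "sunflowers_88",
    "bank.example": "plmfmeimnfm-T7q",
}

if __name__ == "__main__":
    for site, verdict in audit(BREACHED, VAULT).items():
        print(f"{site}: change password ({verdict})")
```

Run it only on your own machine and against your own password list; every site it reports needs a new password that is unrelated to the breached one.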

Unfortunately, because of Yahoo's culpable delay in communicating the theft, the greatest damage has probably already been done by the bad guys, and the consequences may yet have to show themselves. Still, a not insignificant lesson can be learned from this case on the user's side (it is to be hoped that, on the other side of the Net, information security systems have already been tightened).

We must, in essence, convince ourselves that the passwords we use on the Internet, at least those that protect our sensitive data, play a role not so different from that of our house keys or our bank account code. That is why they should be held in greater consideration and stored in a safe place, which means neither various copies of a file, perhaps in the cloud, nor just our own memory. We therefore need a different approach to these apparent delays of a digital nature.

For those wondering who could be interested in the data of an account that holds no credit card codes or important passwords, it should be remembered that identity theft is the first weapon on which phishing relies, and phishing can become a targeted tool when it is carried out with credible data. Spammers are on a daily search for zombie accounts to hide behind for their mass scam emails. Social engineering is now being exploited more and more frequently to steal information and to create ad hoc scams against the most naive users.
