Friday the 13th 2012 started really poorly for Yahoo and its users. An estimated 435,000 Yahoo email accounts were compromised. This matters because many people use their email address as the username and password-notification address for other online services – more than just email data is at risk. This is in addition to a Yahoo! Japan subsidiary losing 5,698 companies’ website data hosted on its servers.
Neither incident was the work of devious, ambitious hackers; both came down to a simple lack of security protocols. For the email accounts, Yahoo stored passwords in plain text, which were retrieved by a simple SQL injection. For the servers, Yahoo tried to upgrade its server system’s security, but faced problems with its computer programming and operating procedure – resulting in massive data loss.
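The two failures named above, shown side by side with their fixes, as an added example that is not code from Yahoo or from the original article: a lookup that pastes user input into SQL over a cleartext table, next to a parameterized lookup over salted password hashes. The table names, sample accounts and hostile input string are constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

HOSTILE = "nobody' OR '1'='1"  # constructed hostile input for the lookup field

def hash_pw(password, salt):
    # Salted, deliberately slow hash; the stored value is not reversible.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_db(accounts):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE weak_users (email TEXT, password TEXT)")
    db.execute("CREATE TABLE users (email TEXT, salt BLOB, pw_hash BLOB)")
    for email, password in accounts:
        salt = os.urandom(16)
        db.execute("INSERT INTO weak_users VALUES (?, ?)", (email, password))
        db.execute("INSERT INTO users VALUES (?, ?, ?)",
                   (email, salt, hash_pw(password, salt)))
    return db

def lookup_weak(db, email):
    # Weak: input is pasted into the SQL text and the table holds cleartext.
    sql = "SELECT email, password FROM weak_users WHERE email = '" + email + "'"
    return db.execute(sql).fetchall()

def lookup_hardened(db, email):
    # Hardened: the driver binds the input as data, never as SQL.
    return db.execute("SELECT email FROM users WHERE email = ?", (email,)).fetchall()

def verify(db, email, password):
    # Login check against the salted hash, using a constant-time comparison.
    row = db.execute("SELECT salt, pw_hash FROM users WHERE email = ?",
                     (email,)).fetchone()
    return row is not None and hmac.compare_digest(row[1], hash_pw(password, row[0]))

ACCOUNTS = [("alice@example.com", "correct horse"), ("bob@example.com", "hunter2")]

if __name__ == "__main__":
    db = make_db(ACCOUNTS)
    print("weak lookup rows:", lookup_weak(db, HOSTILE))
    print("hardened lookup rows:", lookup_hardened(db, HOSTILE))
    print("login still works:", verify(db, "alice@example.com", "correct horse"))
```

The weak lookup returns every account with its cleartext password, while the hardened lookup returns no rows, and even a full dump of the `users` table would expose only salts and hashes.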
In fact, it is probably not great for Internet users in general, as the repercussions of these failures stretch further. A data file published on the Web contained logins and cleartext passwords for Yahoo as well as several other Internet services, including Google Inc’s Gmail and AOL as well as Microsoft Corp’s Hotmail, MSN and Live sites. This means tens of thousands more people could be affected. Also, cloud-based storage has been taking a knock recently with AWS’s outage, and now Yahoo is following in its ill-advised footsteps. Needless to say, cloud data is very vulnerable.
Yahoo’s latest (not their last) faux pas is among many high-profile ones over the last few months (LinkedIn, eHarmony, Twitter and Gmail). The scary truth is that these major public embarrassments of major cloud data providers are just the tip of the iceberg.
According to Commtouch, a research report on the “State of Hacked Accounts” reveals alarming statistics on the usual free accounts that most users gravitate to, such as Gmail, Yahoo, Hotmail, and even Facebook. One website is hacked every 5 seconds and a whopping 540 million email accounts are targeted by hackers each year, which means that 1 in 5 email users is affected. At least 62% of all email users are unaware of the risk associated with their accounts or of when these accounts are compromised. Less than 33% of users are not even aware when their accounts are hacked, and over half of them rely on someone else to point out suspicious activity.
Compromised accounts will be used for many variations of two fraudulent purposes: spam and scams. As hacked accounts have “clean” IP addresses, the majority of them will be used to send unwarranted spam emails or fake links to malware/spyware/virus-infested sites. Also, because close friends on the contact list treasure personal emails, hackers send out “Friend stuck overseas” emails to exploit this trust for cash. Trusted sites with financial transactions can be diverted to phony sources. To many receiving such emails or links, these may be laughable attempts at a con, but enough people get deceived for these spam and scams to continue.
Finally, hackers clear all traces of their activities. First, they alter all personal details so the real owners cannot claim ownership. Second, they delete all data, emails and contacts. Webmasters will help suspend the account, but they will take at least 2 weeks to return it to the legitimate owner and there is no way to restore the data lost.
In light of all that, here are 3 methods to give everyone peace of mind in cloud computing.
1. Diagnosis – find out if any email account is safe with https://shouldichangemypassword.com/
This is helpful, because you do not need to enter your password into the service to check whether it has, indeed, been compromised. The service will check your email address or username against a lengthy database of breached emails/usernames.
If it raises any problems, a simple change of password would suffice.
2. Early warning – Be informed immediately when an account is hacked.
Always have a fake email address in the contact list; if a bot starts sending out spam, an Undeliverable Email notice will appear. Make sure that it’s an impossible email address full of junk characters, like aaf@5&!.com. If a bot starts combing the email address book and sends an email to that address, the notification will be instant.
If this happens to you, a simple change of password would be required.
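One way to automate the early-warning check described in step 2, as an added example that is not part of the original article: scan inbox messages for delivery-failure reports (RFC 3464 bounces) whose failed recipient is the decoy contact. The decoy address here is an assumption; it uses the reserved `.invalid` domain, which never resolves, and the inbox messages are constructed samples.

```python
import email
from email import policy

CANARY = "zz-canary-4815@mail-canary.invalid"  # constructed decoy address (assumption)

# Constructed RFC 3464 bounce template; %s is the failed recipient.
DSN_TEMPLATE = """\
From: MAILER-DAEMON@mx.example.net
To: owner@example.com
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to the following recipient failed permanently.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; %s
Action: failed
Status: 5.1.2

--b1--
"""

def failed_recipients(raw):
    """Addresses a bounce reports as failed (empty set if the message is not a bounce)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    failed = set()
    for part in msg.walk():
        if part.get_content_type() != "message/delivery-status":
            continue
        for block in part.get_payload():  # parser yields one header block per section
            recipient = block.get("Final-Recipient")
            if recipient and str(block.get("Action", "")).strip().lower() == "failed":
                failed.add(str(recipient).split(";", 1)[-1].strip().lower())
    return failed

def canary_alerts(inbox, canary=CANARY):
    """Indexes of inbox messages that are bounces for the decoy address."""
    return [i for i, raw in enumerate(inbox) if canary.lower() in failed_recipients(raw)]

INBOX = [  # constructed inbox: ordinary mail, a mistyped contact, the decoy bounce
    b"From: friend@example.org\nSubject: lunch?\n\nSee you at noon.\n",
    (DSN_TEMPLATE % "jon.smiht@example.org").encode(),
    (DSN_TEMPLATE % CANARY).encode(),
]
```

Matching on the failed recipient rather than on the subject line keeps an ordinary bounce for a mistyped contact from raising the alarm.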
Dropmysite is a company that backs up the Internet with a globally distributed infrastructure of servers. It focuses on backing up Cloud data, such as websites, databases, email, chat, social media, and more. Especially of note is Dropmyemail, a Cloud-to-Cloud backup solution for emails, a freemium consumer service that lets you back up email, contacts, chat and calendars automatically. It is a simple and secure process that works with almost all platforms, including Yahoo Mail, Hotmail and Gmail.
Even if, after all precautions are taken, hackers prevail and cloud servers fail, the data backed up will be secure.
With over 4 billion email accounts and 650 million active websites, the threat is looming dark. At some point in your life, someone had misappropriated your online email account and website. It seems that being hacked is inevitable and this makes for very ominous reading. Everyone and everything is on the Internet – with great accessibility come grave dangers. Though it may not be possible to stop hackers or server outages, there are a few actions to ensure safety of data and identity.