Similarly, to the LinkedIn hack, millions of login credentials from other social media websites were also stolen and advertised for sale online. In particular, MySpace, a company that once dominated the social network, suffered one of the largest data breaches reported in history. While many people do not login into MySpace page anymore, every old account remains on the company’s servers. According to LeakSource, a well-known hacking tracking site, 427 million user passwords were stolen during the hack in 2013. Unfortunately, the leaked credentials put people at risk – in particular for those who use the same passwords for other personal accounts.
The ongoing issues caused by old data breaches lie within a company’s password security system. For instance, if a hacker collects username and passwords from a database, they will use vast combinations of passwords to see if any of them are correct. This method is efficient for targeting companies that allow short unsalted passwords. Since MySpace did not enforce password salting, experts discovered many people were using easy to remember passwords such as “password1,” “abc123” and “123456” for their login credentials. Thus, all user passwords have a weak encryption, or some would say it had no encryption at all.
Because millions were affected by the breach, MySpace became destined for failure. But despite the major downfall, the company attempted to retain the social network by taking “significant steps” to strengthen account security. In June 2013, MySpace began using double salted hashes to ensure user password security. Shortly after the MySpace’s 2013 relaunch, Russian hackers created a dark market website to sell all the stolen data. They did not sell the data immediately after being hacked. Instead, they waited several years before exposing the stolen credentials- in hopes that accounts would gain more value. The hackers finally made the old accounts available for sale in May of 2016.
Securing a user password with the help of modern hashing algorithms is the key to protecting personal information. Hashing is a cryptographic algorithm that converts data like passwords into a particular length of characters called a fingerprint. However, if password hashing system is weak or non-existent, then one’s personal information will be at risk. As many of these leaks have demonstrated, the simplest way to gain access to someone’s personal information is by cracking a weak hash. It can be done by guessing the password, hashing each guess, and checking if the hash equals the correct hash.
Another shocking report by Deloitte’s Canadian Technology, Media & Telecommunications arm, stated that more than 90% of user-generated passwords are vulnerable to hacking. We can prevent hackers from cracking passwords by salting or randomizing each hash, so that when the same password has been hashed twice, the hashes are different. The modern password security system, known as salting, has been improving the efficiency of cracking the hashed password database. By adding a random string of characters to existing passwords, the odds of accounts becoming cracked are much slimmer. Therefore, it is important to ensure the best practice for password encryption and enforce these security rules in your systems.
Even with salting, usernames and passwords are never fully secure. More advanced password cracking tools have been created to use when uncovering a large amount of data within a server. With this in mind, It is important for people to consider using additional methods for protecting their personal information. By implementing the best practices for password security, your passwords are less likely to become vulnerable to attacks.
The first step towards stronger security is by making a separate, unique password for each important account. By using the same password for every account, all vital information becomes readily available for savvy hackers. Even though several complex passwords can hard to remember, passwords should never be based on personal information. The best defense against cyber attacks is using a combination of numbers, special characters, and uppercase/lowercase letters. Just by following these short steps, each one of your personal accounts remains secure and less vulnerable to cyber attacks.