One Simple Way to Protect Yourself in the Age of Password Dumps


In the last couple of hours three prominent social media accounts have been hacked: The Twitter accounts of Newsweek and Twitter CFO Anthony Noto, as well as the Facebook account of Delta Airlines. And there's more.

There were all those passwords published this morning too! A well-meaning security expert assembled 10 million previously-leaked passwords and released them out into the world today.


But that password dump was probably unrelated to the social media hacks. When I asked security expert Per Thorsheim whether there was any possibility of a correlation between the dump and this morning's hacks, he replied: "Close to none. Those attacks have historically been done using phishing attacks as far as I know."

In other words, those social media accounts got owned when somebody clicked on a link they shouldn't have, or put their passwords into the wrong form.

Still, a data dump can be dangerous — just not in the way you might think. Usually scammers use information from a dump as the starting point to get a lot more.

In a security breach last week, insurance megacorp Anthem was hacked and lost what appear to be millions of personal details about its customers. Criminals immediately used these details to scam people. (If you are an Anthem customer you need to keep an eye on your credit and be more vigilant than usual about scams. Here is a very handy guide from our friends at Lifehacker about what to do if your Social Security Number is compromised.)


The good news is that just because somebody has your password doesn't mean you're doomed. You can shield yourself from some attacks if you simply use two-factor authentication on your accounts. Most prominent online services, including Twitter and Facebook, offer two-factor authentication, which makes it very hard for people to use password dumps to get into your accounts. That's because two-factor auth requires both a password and a key generated by an app on your phone. It's hard for adversaries to get both.

Take all of these hacks as a good reminder to get two-factor auth — and be leery of people who ask for more information from you for no good reason. It's just good data hygiene.




Sounds like a very big agency is going to be in very hot water.