August 23, 2019
Someone Has Your Password
By Chris Gaarde, Assistant Editor
In just the first six months of 2019, there were 4.1 billion “compromised records” in data breaches… including passwords, usernames, private photos, credit card data, and even Social Security numbers.
That’s more than a dozen pieces of important, private information for every single American.
Right here in Baltimore, we’re only now recovering from a security breach and ransomware attack that occurred in May… an incident that affected the e-mail and voicemail of city officials, as well as parking ticket databases and the systems used to pay utility bills and taxes.
In lieu of paying a bitcoin ransom of roughly $75,000 to $100,000, the city chose to recover and restore the systems itself… at a cost of about $18 million. And Baltimore isn’t alone.
The city is just one of at least 169 state and local governments affected by security breaches and ransomware since 2013. And while neither Baltimore nor the FBI have said how the breach occurred, odds are good that human error and even apathy played a role.
Earlier this year Google introduced an optional Chrome browser extension – kind of like an app for your browser – that shows a warning when you log into a website using a leaked username or password. (The technology behind the browser extension is complicated, but Google worked with Stanford cryptographers to ensure that the login data is encrypted and anonymous.)
In just the first month of use, Google found that about 26% of users continued to use their compromised passwords… including ones stolen from financial and government accounts. And those users were 2.5 times more likely to reuse those same passwords elsewhere.
To be fair, secure passwords can be some of the hardest to remember. I can barely remember my grocery list, let alone a handful of 13-character alphanumeric passwords. But not changing a password that you know was leaked is asking for trouble. Reusing it is begging for disaster.
So, have you been affected? And if so, what data has been compromised?
In addition to installing the Chrome browser extension, a good place to start is haveibeenpwned.com. The website contains a database of past and current data breaches. Simply input an e-mail address and the site will tell you if, when, where, and what was leaked.
Once you’ve done that… Change your passwords to something secure and close any accounts you no longer use.
You should also take advantage of your right to free annual credit reports. You’re allowed one free credit report from each of the three services every year. To get started visit annualcreditreport.com.
Chances are good your personal information has already been exposed in one breach or another… and chances are even better that these breaches won’t stop any time soon.
Many businesses wrongly assume they are too small to be on the radar of the threat actors. The truth is that it is all about the data, and small businesses often have less well-guarded data stores.
I’m not sure why a person wouldn’t change their password when they find out it was compromised, but maybe the message isn’t clear enough… There are plenty of tools you can use (free or paid) to alert you that it might be time.
The incident in Uganda and another in Zambia, as detailed in a Journal investigation, show how Huawei employees have used the company’s technology and other companies’ products to support the domestic spying of those governments.
And let us know what you’re reading at [email protected].
Assistant Editor, American Consequences
With P.J. O’Rourke and the Editorial Staff
August 23, 2019