Users frequently lose control of Facebook, email, Gmail, Yahoo!, Twitter and other online accounts, agreed representatives from Microsoft, Twitter, Yahoo!, Responsys and Dropbox during a breakout session at the Online Trust Forum 2012 held earlier this month. While all the companies actively patrol for anomalies and conduct behavior analysis, breaches still happen, and while no one on the panel (nor among the who’s who in the audience) wanted to stake out a firm number, they agreed it was in the ballpark of hundreds of thousands each day. That number is plausible if you stop to recall this summer’s Yahoo! breach where over 450,000 accounts were hacked in one go.
Ramses Martinez, director of security at Yahoo!, did not speak specifically to the breach, but talked in general terms, noting that the impact of such a breach is really on the brand more than the infrastructure, admitting that it can “indirectly affect revenue.”
The impact of account takeovers at Dropbox, notes Cory Louie, head of trust, safety and security for the company, is that customers’ expectations of being protected by Dropbox are not met. “You lose trust immediately. The blame comes on you as a service provider, whether you are responsible or not.”
Over at Twitter, Bob Lord, head of information security, explained that, given the nature of Twitter, a Twitter name is a personal brand, and that followers follow that brand. “When you lose control of the account, it is anguish to the people affected.” But Lord observes that while “many people act like they know security, their behavior online says otherwise.”
The group discussed how passwords are key to tighter security, but noted that users, even after much education and many recommendations, still reuse passwords or choose very weak ones.
At the time of the Yahoo! break-in, the top password, representing 38%, was 123456. Here are the other nine in the top ten:
- password = 18%
- welcome = 1%
- ninja = 08%
- abc123 = .06%
- 123456789 = .05%
- 12345678 = .05%
- sunshine = .05%
- princess = .05%
- qwerty = .04%
Lord made an interesting point: for Twitter and many other social media sites, an email address acts as an anchor of trust. When users lose control of their email accounts, it can affect their accounts on Twitter and other sites.
So what are people losing when accounts are hijacked? “There is not necessarily a financial impact,” says Martinez. “But the contacts in your network, the ecosystem, that is the concern.”
The entire panel agreed with Lord that patrolling for break-ins is more art than science. Even the people whose accounts are hijacked usually have no idea anything has happened until their contacts start asking questions about the spam arriving in their inboxes from a trusted friend.
The bottom line: protect your email accounts. Use a password tool, or develop a password strategy that allows multiple passwords to be used rather than reusing the same one for many different sites, and change passwords often. In today’s messaging world, keep in mind that email is the anchor of trust and the doorway into many other channels, like Facebook, Twitter, Dropbox and LinkedIn.