Forget about those hackers in movies trying to crack the code on someone’s computer to get their top-secret files. The hackers responsible for data breaches start by targeting companies, not specific individuals. They want to get data from as many people as possible so they can use, resell, or leverage it to make money. It all starts with getting your password.
It’s not personal. Not at first.
Hackers don’t really care whose personal information and credentials they can get, as long as they can get a lot of it. That’s why cyber criminals target massive companies with millions of users. These hackers look for a security weakness — the digital equivalent of leaving a door unlocked or window open. They only need to find one door or window to get inside. Then they steal or copy as much personal information as possible that lives in users’ online accounts.
Once they get your data, cyber criminals can start their real work. We don’t always know what they intend to do with the data, but usually they will find a way to profit from it. The effects to your online account might not be immediate. But they can be very serious.
All types of data can be valuable.
Some data — like banking information, bank card numbers, government-issued ID numbers, and PIN numbers — is valuable because it can be used to steal the victim’s identity or withdraw money. Email addresses and passwords are also valuable because hackers can try them on other accounts. All sorts of data can be valuable in some way because it can be sold on the dark web for a profit.
What makes a password easy to guess.
If hackers can get a list of email addresses from a data breach, they already have a good start. All they have to do is pick their website of choice and try these emails with the most popular passwords. Chances are, they’ll be able to get into quite a few accounts. So don’t use any of these 100 Worst Passwords of 2018.
- 123456 and password are the most commonly used passwords. Don’t use them.
- Switching a letter for a symbol (p@ssw0rd!) is an obvious trick hackers know well.
- Avoid favorite sports teams or pop culture references. Use something more obscure.
- Don’t use a single word like sunshine, monkey, or football. Using a phrase or sentence as your password is stronger.
- Don’t use common number patterns like 111111, abc123, or 654321.
- Adding a number or piece of punctuation at the end doesn’t make your password stronger.
One exposed password can unlock many accounts.
Hackers know people reuse the same passwords. If your banking password is the same as your email password is the same as your Amazon password, a single vulnerability in one site can put the others at risk.
It’s why you should use different passwords for every single account. The average person has 90 accounts, and that’s a lot of passwords to remember. Security experts recommend using a password manager to safely store unique passwords for every site.
Hackers don’t care how much money you have.
Think you don’t need to worry because you don’t have much money to steal? Hackers couldn’t care less. There are countless ways to leverage all types of personal data for profit.
Through identity theft, cyber criminals can open new credit cards or apply for loans in your name. By getting your financial information, they can make purchases or withdrawals. These attackers can even find ways to target your friends and family once they gain access to your email.