All 3bn of Yahoo’s accounts were hacked in 2013, the search giant revealed last week, triple the previously stated 1bn, making it the biggest data breach so far.
This followed the staggering hack of US credit agency Equifax last month, exposing the personal details of 145.5m Americans, including their credit card details and social security numbers. It’s a stupendously big deal and confirms just how dangerous having all of our details in digital format can be.
Until this, the biggest hack was against US retailer Target, which paid an $18.5m settlement in May to 47 states over the hack that affected some 40m customers over the 2013 Christmas shopping period. You almost want to call it ingenious, given the frankly clever way they did it: hackers infiltrated Target’s servers as people swiped their credit and debit cards.
If you weren’t worried about your privacy online, you should be.
Hackers are the new cat-burglars, the new Pink Panther thieves – and the responses from the various hacked institutions appear like they were being orchestrated by the klutz Inspector Clouseau (so famously played by the legendary Peter Sellers) given how hackneyed they have been.
In many cases, the hacked firms didn’t own up themselves about being compromised. Thankfully security researchers publish such findings, including the excellent service Haveibeenpwned.com.
This includes South Africa’s own biggest data breach, when cinema chain Ster Kinekor had 6m accounts and 1.6m unique email details stolen last year, but it only emerged this March, when Haveibeenpwned notified affected users, including me.
Pwned is gamer speak when you beat or “own” someone, which legend has it was a misspelling by a game designer who meant to write “owned”.
So what can you do?
These are the generally accepted practices for security hygiene. And you should do all of them, and be thoroughly paranoid.
Firstly, don’t have the same password for all your websites.
Secondly, choose a secure password that is different for all the sites and services you use. Don’t use the obvious things like your kid or pet’s name, your or their birthdays or anything that a simple web search could uncover.
Thirdly, you can write your passwords down on a piece of paper – just don’t store them on your computer. Ever.
Fourth, if you can’t remember passwords, use a password manager. Apps like 1Password and LastPass allow you to save a variety of passwords (and autofill them for you on various sites) and access them using a single password.
If you’re worried, join Haveibeenpwned.com, which will alert you if any sites you’ve registered with your email address have been hacked.
Similarly, don’t keep a scanned copy of your passport or identity document on your computer and NEVER email them to people. Ever.
Your online security is incredibly important and you should take care of it yourself – and not expect a firm to be infallible, as the Equifax hack demonstrated. Be paranoid. No one else cares as much as you should about your identity or credit card details being stolen.
This column first appeared in Financial Mail
First published on 13 October 2017