Signing up for websites and services, you would assume the administrators deploy a certain cybersecurity level. But when things don’t go as expected, it can lead to a massive headache.
That’s why it’s important to take some security steps on your own. Since Google is one of the major tech players, it’s a good place to begin. Tap or click here for three Google settings to change ASAP.
Users of a popular adult website recently found out about inadequate security. A hacker breached its security protocols and managed to download a ton of personal information. Even if you’ve never visited the site, you could be at risk. Anytime a massive data breach like this occurs, numerous other threats begin to surface and could land in your inbox.
Here’s the backstory
Hackers performed an SQL injection attack on MyFreeCams and stole over 2 million usernames, passwords and email addresses.
The data hasn’t been posted onto the internet yet, but the hacker is looking to sell it. For $1,500, the hacker will send you 10,000 lines of data. Advertising his loot on a message board forum, the hacker claims that the information was stolen in December last year.
He writes: “Self-extracted in December 2020. 2 million premium and diamond members with username + email + CLEAR text passwords and token amount. Each account has various token – all time changing).” Tokens are the currency used on MyFreeCams and users pay real money to get them.
Why does it matter to you?
Besides the risk that adult websites can be infected with malware, storing a site’s usernames and passwords in plain text is incredibly dangerous. But MyFreeCams isn’t the only site guilty of that.
In 2018, it was revealed that Twitter stored passwords in plain text after a breach. This forced 300 million users to change login details. A year later, Facebook kept millions of passwords so that around 20,000 employees had access to them.
The biggest culprit of plain text password storage, however, is Google. In a 2019 blog post, the tech giant revealed that a bug caused some G Suite users’ passwords to be stored in plain text — for 14 years!
What can you do about it?
While you do not have control over the security a website employs, there are other ways to protect your data.
- Creating strong and unique passwords will be the first step in preventing a brute force attack on your account. And change your password often. Security analysts recommend changing all your passwords at least once every two months.
- If a website or service offers two-factor authentication, it should always be used. With 2FA, there is an added step in logging in and only you can access it. Even if hackers manage to get your details, they won’t be able to gain entry. Tap or click here for more details on 2FA.
- To check whether your data has been part of an information leak, you can go to HaveIBeenPwned. After entering your email address, the website will tell you which breaches contain your details. Tap or click here to find out how to use this helpful tool.
Consumers are never guaranteed that their data won’t be hacked or leaked onto the internet. By using the tips above, you will take pro-active steps to minimize the chances.
A good way to approach a website is to assume that it will get breached, and you need to mitigate the consequences. Make sure to use unique passwords for every account and website that you use.
Whenever there is a massive data breach like this one, be on the lookout for malicious emails. Scammers will take advantage of the headlines surrounding stories like this and send phishing emails, hoping to reel in many victims.
If you become aware of a possible breach, you should change your username and password immediately. If you have any banking or credit card details attached to the account, keep an eye on them for suspicious activity.