Security Notes – Recent Happenings

Security Alert! Security Alert!

Five million Gmail account usernames and passwords leaked by Russian hackers!
Facebook Poker lottery scam!
iThemes membership database compromised!

If you are online at all (have an email address? visit websites? have a smartphone?) you are vulnerable to hacking, scams, and identity theft. I see more than my share of the results of lax security. I feel as though I take adequate precautions and security measures, and yet all three of the above headlines directly impacted my workflow in the past week.

My Gmail address was one of the 5 million that were leaked, lucky me! I was informed by LifeLock of the address/password combination that had been leaked, and fortunately, it was an old password. I had changed it recently, and I changed my Gmail password again. However, since I use the Gmail address as my “username” or login name on several accounts, that old username/password combination was still in use, and I spent a considerable amount of time changing a lot of passwords!

LastPass, a password generator and keeper, has been invaluable in the process. Not only does it keep all your passwords, it can tell you which sites use the same username/password combination, and gives you a security “score” with ways to fix a low score and increase your level of security. It will generate secure passwords, and enter them automatically for you, if you choose to have it do so. There is an add-on for mobile devices (an astoundingly reasonable $12 a year). LastPass definitely made a tedious task a bit less time-consuming, a lot more secure, and will continue to provide peace of mind going forward.

Facebook, ah, Facebook! The scam I was exposed to has been around for a while, but it was my first brush with it. I received a “friend” request from a gal that I thought was already a friend. I accepted the request, thinking she had cleaned her friend list, or somehow redone her account – the request had her picture, her name… A little bit later I got a chat notification, I replied, but the conversation seemed … off. It didn’t sound like my friend. It was a CLASSIC example of the Poker Lottery scam. I texted her on her phone, and she was NOT chatting with me on Facebook. I closed the Facebook chat, and saw I had TWO friends with the same name. I “unfriended” the fake (the profile was nearly empty, unlike the “real” friend) and advised her to report the duplicate.

iThemes is a suite of software tools I use as I develop websites. There are a host of plugins that add functionality, backup options, cloud storage, and a security suite. I use those tools extensively, and I pay a good sum of money each year to iThemes to maintain my software licenses to their products, so learning that their database, usernames, and password storage had been compromised was unsettling to say the least. Yes, they took immediate steps to rectify the problem, and reset all our passwords, and required us to change them all again, but it’s unsettling all the same.

As I said in the first sentence, I feel as though I, personally, am doing what I can to protect my online “stuff” – I use LastPass to generate secure, strong, unique passwords. I am eliminating the use of the same username/password combination for multiple sites. Many sites use an email address as the username, and it’s tempting to use the same password that you associate with that email address; I’ve done it. It’s not good practice!! Even with all the steps I am taking, I can’t control what happens to my information that is in the hands of other companies.

I didn’t intend for this to end on such a negative note, but it is what it is. Have a wonderful week!