Since I opened this blog, more than 190,000 attempts at unauthorized logins have been made.
Not just a quick drive-by either; concerted repeated attempts at hijacking the blog. Yup, there are people out there who have nothing better to do than to try and screw with other people’s stuff. I hope that this doesn’t come as a surprise to you.
Tracing the I.P. addresses of some of the attempts shows them to be in places as far away as Russia, Italy, and of course, China, and as nearby as California. Obviously, the world is full of people with nothing better to do than sit around and try to guess or hack login credentials.
The consequences can be severe, as documented in this excellent article that details the experience of Mat Honan, a Wired Magazine contributor, which you can read HERE.
If you follow the whole article, you will see that he did ultimately regain control of his digital life, but at great personal and financial expense. What’s really important to note, though, is that it involved a complex chain of actions on the hacker’s part, including some social engineering and some “educated” guessing, that resulted in his being able to put together enough little details to wreak major damage.
So many sites allow password resets by answering “security” questions that anyone who does a little research can find out easily. “What High School did you attend?” Ever hear of “Classmates.com”? Answered in 45 seconds of “research.”
The hackers find the one weak link in your security, learn one little fact, and then leverage that repeatedly until they steal your email, banking info, mobile accounts, and your digital life. One verification question that I get asked constantly both online and by phone is the last 4 digits of my social security number. At least 2 (if not more) websites that I am registered on, display it openly in my account profile. One of those sites isn’t related to anything “critical” like banking or shopping sites that store credit card information, and so you might think that a simple password there is all you need. Well, you’re wrong.
Another site uses the last 4 digits of my credit card number to “identify” me. Again, every time you use your card somewhere, that information spreads. Hack, hack, hack, hack. People constantly chopping away at your security.
So, just to be sure you get what I’m saying; Revisit your own security protocols, read articles about keeping your private information private, and beef up your weak and simple to guess passwords. Do it NOW, before the horse is out of the barn. Some 16 year old in Russia is looking for you and has plenty of time and more computer skills than you will accumulate in a lifetime. Trust me!