Thursday, April 28, 2011
THE Sony Playstation network breach is a pretty severe compromise because of both the number of users affected and the level of information that has been accessed by hackers.
The extent of the information that has been compromised leaves most of these users wide open to identity theft. It is a virtual certainty that large numbers of these users will have used the same email addresses and passwords for all of their online identity. This dangerous but widespread practice means whoever did this has the potential to hack into multiple personal accounts of people affected.
Clearly, the most attractive targets are those users who used the same email address and password for high-value accounts, such as PayPal. A key to good internet security is to use separate, hard-to-guess "strong" passwords for any account that facilitates access to financial transactions. Anyone who thinks they may have been affected should change all such passwords immediately.
Even users who don’t believe that their high-value accounts are at risk should not be complacent. There is no comfort to be taken from speculating that the perpetrators of this hack are, given the scale and high profile of the target, most likely relatively sophisticated criminals who may not be interested in ordinary users’ non-financial accounts such as Facebook and Gmail accounts. In fact, once the lucrative stolen user account details have been used, the rest are most likely to end up sold to the small-scale scammers. These conduct less lucrative scams such as hacking personal accounts and posting fake "sob story" requests about being mugged while abroad and needing friends to wire them money. It may be hard to believe, but such crude attacks have a surprisingly high success rate.
Additionally, we are probably only seeing the tip of the iceberg, since many such security breaches are not disclosed to users.
lCian Blackwell is Partner at Business Risk Services in Grant Thornton (Accountants)
© Examiner Publications (Cork) Limited, City Quarter, Lapps Quay, Cork. Registered in Ireland: 73385.
