Study reveals password re-use is rampant
04 August, 2010 15:53
Security software vendor BitDefender has released a study claiming that 250,000 e-mail addresses, user names and passwords are currently circulating online via blogs, wikis, torrents and forums.
The findings raise security concerns about the way people set up and secure their e-mail and social network accounts, including Facebook, Twitter, MySpace, and LinkedIn.
Of the 250,000 e-mail addresses found in the survey, 87 per cent were still current, and anybody could use the credentials to access e-mail and social networking accounts. More alarmingly, 75 per cent of the social networking accounts were found to have identical login details to their respective e-mail accounts.
BitDefender says that the findings indicate that many people do not choose unique log-ins to these online services. "Such an incredible amount of sensitive data is just several clicks away from hackers and malware writers so choosing unique logins for each of your accounts is vital," said Sabina Datcu, threat analyst at BitDefender. "Particularly worrying is the huge volume of e-mail and various social media accounts that we’ve discovered together with their passwords in places such as blogs, collaborative platforms such as Google docs, wikis, forums and torrents."
Datcu also stated that serious security threats could result from password and/or login thefts. These include data theft, hacking of e-mail and social networking accounts for spam, and credit card fraud using identity theft.
BitDefender advises users to change their social networking and e-mail passwords regularly and not keep any record of them online. Storing login details on a secured USB key with both hardware and software encryption is also recommended.




Comments
Maxell
1
BitDefender has been making a lot of mistakes this year. First there was the Fake Alert accident (well, that's excusable, given that some other vendors smashed computers lately).
Then BitDefender started manipulating news (such as the so-called iPad virus) which Mrs. Datcu so kindly deformed to fit her purpose: that of stuffing BitDefender into users' throats.
And now they log into Facebook using our credentials, which is not only immoral, but also highly illegal when done without the affected users' consent.
This somewhat reminds me of the BBC tapping into the Mariposa botnet for "research". Judging by your total disregard in terms of user privacy and work ethics, I'm inclined to label you as some sort of media whore rather than a threat analyst.
I hope you made your boss proud and sold well.