A huge database with info on Americans found open on web, World Password Day, a celebrity fraud victim and no free lunch.
Welcome to Cyber Security Today. It’s Wednesday May 1st. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanda.com.
To hear the podcast click on the arrow below:
Another clumsy company employee has apparently left a valuable database of information sitting open on the Web. Researchers at security firm VPNMentor discovered the unprotected database with information on 80 million American households just sitting on one of Microsoft’s cloud servers. These are servers that anyone can rent. Who the database belonged to no one knows — possibly an insurance or mortgage company — but it lists people’s names, date of birth, marital status, income bracket and other things. Knowing information like that can help identity thieves and hackers get more sensitive information and possibly send an email to trick you into giving up passwords. Since the this discovery was reported Microsoft notified the owner of the database and it’s no longer public. But it’s another example of how employees foolishly store things on a public server and forget to make sure it’s password protected. Who would put a database out in the open? Well, some companies allow staff to store things on external servers hosted by services like Microsoft, Amazon, IBM and others. One advantage is these services offer computing power for data analysis. But anything put there has to be locked down. Organizations must have and enforce strict policies employees have to follow for putting data in the cloud.
Every day is a day to think about how to increase your online security. It just so happens that tomorrow is World Password Day. That means thinking about ways of making it harder for bad guys to take advantage of you. As I’ve said before, having a passphrase you can remember is better than most passwords. It can be built around your initials, for example. Or something you do. Do you like to run or jog? Create a passphrase around R-U-N or J-O-G. Use a password manager to keep track of all your passwords. And don’t forget to enable two-factor authentication on major websites like your email, bank, Twitter, LinkedIn and place of employment. Two-factor authentication means you get sent a special short code, usually to your smart phone, as an additional verification for your name and password login. And remember, every device you have that connects to the Internet has a password — that means your TV, smart speakers, door locks, baby monitors. Don’t use the default password they come with. Change to passwords only you will know.
On Monday’s podcast I told you about taking a quiz to spot fraudulent celebrity social media sites. Well, security vendor Tripwire reports that someone recently pretended to be tough-guy actor Jason Statham when she was on a Facebook page dedicated to the performer. Over time the con texted her and pretend to fall in love. Then he asked her to send him money because a film payment had been delayed. Unfortunately, she sent him an unspecified substantial amount of money before catching on. Why did she fall for it? Because at the time she was feeling down. The con took advantage of her loneliness.
People hate paying for things they think they can get for free. Like software, TV shows, sports games, and movies. Well, buying a streaming box or USB streaming key that will give you illegal content may also get you hacked. According to a study by the Digital Citizens Alliance, often illegal devices come with malware, or will automatically download malware after they’ve been installed. Some devices being sold on the web are compromised versions of legitimate streaming devices – including Amazon Fire TV Sticks and “Kodi boxes” – but include malware. So be careful of where you buy streaming devices from, and remember, if piracy is what you want don’t be surprised if you get hacked.
Finally, just as I was getting ready to record this podcast I got a call from someone claiming to be from the “Windows Technical Department.” This is another version of an old scam.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.