On Wednesday the Internet was abuzz with news of a Wisconsin security firm obtaining a database of 272 million e-mail addresses, with their associated passwords, from a Russian fraudster.
How did a cyber criminal get his hands on the e-mail addresses and passwords?
Easily, by using the same phishing tricks that we regularly warn you about – an e-mail warning you about upgrades to Outlook and telling you that you must “CLICK” on a link to activate the upgrades or your account. Victims literally give their e-mail address and password to the fraudster.
Several of our colleagues were fooled by the mail and did actually go to the site and unwittingly give their details to the scammers. Luckily, we were able to help them quickly to undo the damage.
However, in retrospect, a deeper problem was picked up:
The stolen passwords and email addresses from the Russian database, which included Gmail, Yahoo and Russia’s mail.ru accounts, were not hacked directly from Gmail or Yahoo. They had been taken from various smaller, less secure websites where people use their email addresses along with the SAME password to log in.
People who use the same password for multiple sites as well as for their email are at risk. They should change their email password and avoid using “one password for everything”. It is like having a master key for every lock in your house. If that key is stolen, burglars can get access to every locked door in your house using one key!
Secondly, if you suspect your e-mail password has been compromised and you change your password, it should always be changed to something COMPLETELY different. In other words, if your password is, for instance, “Christopher123”, then changing your password to “Christopher124” is not good enough; that change is easily guessed.
If you have a Gmail or Yahoo account and are concerned that your e-mail address is possibly in the Russian database, then you can go to the following links (they are safe, as they do not ask for passwords):
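For administrators who want to enforce the "COMPLETELY different" rule at password-change time, the following is an added example (not part of the original article) of a similarity check in Python. It assumes the change form supplies the current password, so both values are compared in memory only; the function names and the 0.5 threshold are assumptions chosen for illustration.

```python
import re

def levenshtein(a: str, b: str) -> int:
    """Classic dynamic-programming edit distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def skeleton(pw: str) -> str:
    """Lower-case and strip leading/trailing digits and symbols, so that
    'Christopher123' and '124christopher!' reduce to the same word."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", pw.lower())

def too_similar(old: str, new: str, min_ratio: float = 0.5) -> bool:
    """Return True when `new` is a guessable variation of `old`.

    min_ratio is an assumed policy threshold: the edit distance must be
    at least half the length of the longer password.
    """
    # Same base word with only the surrounding digits/symbols changed.
    if skeleton(old) and skeleton(old) == skeleton(new):
        return True
    a, b = old.lower(), new.lower()
    # One password contained in the other (something merely appended).
    if a in b or b in a:
        return True
    # Few character edits relative to length (e.g. i -> 1, added '!').
    return levenshtein(a, b) / max(len(a), len(b), 1) < min_ratio

if __name__ == "__main__":
    # Constructed sample passwords, using the article's own example.
    for candidate in ("Christopher124", "Chr1stopher123!",
                      "velvet-Quarry-91-tango"):
        verdict = "reject" if too_similar("Christopher123", candidate) else "accept"
        print(f"{candidate}: {verdict}")
```
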
http://securityalert.knowem.com/
https://haveibeenpwned.com/
[ARTICLE BY DAVID WILES]