Data Breaches

[Moneygrubber]

A couple weeks ago supposedly the Russians stole millions of passwords so I changed all of mine. Very aggravating and time consuming. Now it's JPMorgan and some other unnamed institutions. They say people will be made whole if funds are stolen. Who makes investors whole if 500billion is stolen from Fidelity? Does this worry folks? It worries me I see a zero balance some day on my brokerage account.


Sent from my iPhone using Early Retirement Forum

[Chuckanut]

I thought they stole email IDs not passwords. And that was over a period of many years.

Quote:

Yesterday, security firm Hold Security revealed that 1.2 billion email addresses had been stolen by Russian hackers. Security expert Brian Krebs has responded to the news by posting answers to questions on his blog. In the post, he reveals that major spammers rely on lists of billions of email addresses in order to distribute malware. Should email users be concerned? "If you are the type of person who re-uses passwords at multiple sites — including email accounts — then the answer is yes," he writes. "If you re-use your email password at another site and that other site gets hacked, there is an excellent chance that cyber crooks are plundering your inbox and using it to spam your friends and family to spread malware and to perpetuate the cybercrime food chain."

Brian Krebs Explores Massive Russian Email Hack 08/07/2014

[Moneygrubber]

1.2 billion passwords and usernames in early August.


Sent from my iPad using Early Retirement Forum

[sengsational]

Quote:

Originally Posted by Moneygrubber A couple weeks ago supposedly the Russians stole millions of passwords...

More accurately someone announced a compilation of a lot of low-value userid/passwords that had been collected over years of hitting small "mom and pop" web sites (not the big important web sites).

Quote:

Originally Posted by Moneygrubber so I changed all of mine.

Probably not necessary to change your passwords unless you use the same userid and password on junky little web sites as well as high-value web sites.

Quote:

Originally Posted by Moneygrubber Very aggravating and time consuming. Now it's JPMorgan and some other unnamed institutions. They say people will be made whole if funds are stolen. Who makes investors whole if 500billion is stolen from Fidelity? Does this worry folks? It worries me I see a zero balance some day on my brokerage account.

You can protect yourself to some degree by never using the same password twice, and not using guessable passwords. A password manager like LastPass makes it pretty easy. If you don't need it on your smart phone it's free. And I think it's $1/mo if you want to use it on your smart phone.

As to having my account show zero one morning, not much chance of that. The hacker would have to log in as me, change my email address, change my mailing address, add account that allow transfers to other accounts, and since those other accounts wouldn't have my name associated, then that would put up a huge red flag. I'm not saying they couldn't do anything bad, just that a goose egg would be very unlikely, I think.

[Moneygrubber]

Well i feel better now, but i see a pattern and i think continuing attacks will at some point yield success for these criminals.


Sent from my iPad using Early Retirement Forum

[sengsational]

Quote:

Originally Posted by Moneygrubber Well i feel better now, but i see a pattern and i think continuing attacks will at some point yield success for these criminals.

They do succeed, but more like a gnat taking a little bite vs. a shark taking a limb.

The thing that bothers me more than these kinds of criminals are the American banks and credit card issuers. We each pay a little more for our goods and services though hidden costs (merchant fees), because the US has not gone to a proven/available technology (chip and pin).