September 6, 2012
I originally thought there wasn’t much a video game – especially one set in a medieval fantasy world – could teach me about internet security and hacking. In fact, I learned just how much data hackers have on us, and why we all need to be more careful.
As a favor to a friend, I agreed to test out the new Guild Wars 2 computer game, which requires you to log in on the internet to play. Just one day after creating my account, however, I received an email saying that someone had tried to log in with my details – from China. Two hours later, it happened again.
It’s been just over a week since the game launched, and I’ve now had 10 emails detailing attempts to access my account from China. I live in Europe.
Thankfully, creators ArenaNet make players confirm login locations via email, so all these hacking attempts have failed. But the ordeal made me realize that someone, somewhere, has a copy of both my email address and the password I used for Guild Wars. How?
How Did They Get My Password?
Because I hadn’t been that interested in playing the game, I realised that I had just defaulted to my generic, “I’ll just make an account quickly” password – the same one I’ve been using for ten years.
On the plus side, this password is so engrained in my memory that I will never, ever forget it. On the down side, it means it’s likely that a criminal has stolen it somewhere along the line.
So how did they get it? I know I’ve never fallen for a phishing scam – my own experience with computers and my Norman-powered phishing protection have stopped that.
And then I realised: about a year ago, a website I had left a comment at in 2010 got hacked. And it had been linked to this email address. And, because I decided, “I’ll just make an account quickly”, I used the same password as before. Idiot.
So now I know that somewhere out in cyberspace – probably re-sold time and time again, and featured on various hacking databases – is my email address and my generic, go-to password, linked together for hackers to exploit. It feels horrible.
My advice? Stop using that generic password you use for everything – chances are, it has already been stolen and you just don’t know it yet.
And always ensure that your email password is different to every other account on the web. Had the hackers got a hold of that, they could have verified all of their login attempts, and probably stolen all of my gold – both virtual and real.