Wednesday February 3, 2010
Are you using the same password for everything? You probably are, aren’t you? “That’s okay,” you’re thinking, “It’s a really, really hard password. Nobody will ever get it.”
Not so fast, fish-breath.
A recent post on the Twitter Status blog details a new way that some crafty crackers are stealing passwords. It basically works like this: You join a perfectly legitimate online community, a website that lets you share your favorite YouTube piano-playing-cat videos, for example, or a forum to discuss new ways of getting fourth-graders to study American history. A few months pass and you are happily sharing videos of Mittens hammering Beethoven or explaining to new friends why 8-year-olds should learn about Crispus Attucks. Little did you know that the community you joined — the one that’s hosted in San Francisco and run by an innocent-sounding little Internet start-up — is actually owned by a couple of Russian teenagers who built the thing overnight for $32.
Now these kids have a database of all 8,319 other feline lovers and/or elementary school teachers who are using their site. And they have your username. And your email address. And your password.
And it’s the same password you use at Amazon and PayPal, isn’t it? It’s the same password you used when you created your Gmail account and your Twitter account, too, isn’t it? And I’m guessing you used the same email address and password for iTunes, right? Now, my friend, you are screwed.
There’s really only one way to avoid this, of course:
Don’t use the same password for everything!
Tagged as: hacking, passwords, security