With thousands of Roku, Twitter, LinkedIn accounts hacked — how can you protect yourself? We asked an expert
GETTY IMAGES
UK fraud victims lost £2.3bn last year, what can you do to ensure you avoid becoming another statistic?
We might only be three months into 2024, but it’s already been a rough year for online security.
Last month, security researcher Bob Dyachenko revealed the existence of a treasure trove of 26 billion stolen passwords and account details being shared on the gloomiest corners of the web by hackers. Weighing in at 12 terabytes, the database, which included millions of logins for Twitter, LinkedIn, Telegram, and Dropbox, was nicknamed the “mother of all breaches” by the expert who discovered it.
The scale of the leaked data was unprecedented, with the record previously held by a stash of 3.2 billion records — just 12% of the breach discovered within the first few weeks of the year.
And then just a few weeks later, Roku disclosed that 15,363 accounts were compromised by hackers who used credit card details saved in the online profiles to subscribe to streaming services, like Netflix and Prime Video, and order new hardware from Roku.
There’s serious money to be made by breaking into online accounts. Accounting firm BDO calculated that fraud across the UK doubled to £2.3 billion last year, making it the second biggest year for scams in the last 20 years. According to BDO, the biggest factors behind the terrifying rise were the increased popularity of online scams, phishing attempts, and system breaches.
With the stakes so high, what can you actually do to shield yourself from these online breaches?
GB News asked Darren Guccione, who co-founded Keeper Security — a security firm that’s been successfully approved as part of the US government’s FedRAMP initiative, which gives the stamp of approval that cloud products from private companies are secure enough to be used by departments in the federal government. Clearly, Mr Guccione knows what he’s talking about then.
With 26 billion logins for popular websites including Twitter, LinkedIn, and Dropbox being widely shared by hackers, is it time to do more to protect yourself online?
GETTY IMAGESSo, we asked the cybersecurity coder and entrepreneur about the best way to equip yourself against the recent spate of hacks.
"Your personal information is everywhere online these days and safeguarding yourself against cyber risks must be a priority, as proven by the recent data breach Roku suffered,” Mr Guccione told GB News. “Credential stuffing, a popular tool in a cybercriminal’s arsenal and utilised in this breach, involves using automated tools to exploit reused passwords across multiple online accounts.”
"This type of attack is not new, but it reinforces the criticality for both individuals and organisations to prioritise strong authentication practices, such as using unique passwords and implementing Multi-Factor Authentication (MFA) everywhere possible. While these aren’t the most exciting controls to talk about, it remains a fact that 74% of breaches involve the human element, including stolen credentials, phishing attacks, misuse or a simple user error.”
So, if one of the weak points of protecting your valuable information — like email address, password, payment information, and home address — is human error or mismanagement, how do you take that out of the equation?
Mr Guccione said: “Attacks like these highlight the need to use a password manager as a first line of defence because no one is safe from cyber-attacks. Account protection begins with a secure password that is not easily guessed and has not been used for any of the owner’s other accounts.
“A password manager creates high-strength random passwords for every website, application and system. Further, it enables strong forms of MFA, such as an authenticator app, to add layers of protection to your accounts and make it significantly harder for bad actors to gain unauthorised access.”
Darren Guccione, who serves as the CEO of Keeper Security, provided some easy-to-follow security tips to ensure you’re doing everything in your power to shield against these types of attacks.
Of course, there's an element of bad luck when you’re caught up in any of these mass data breaches. But following these rules puts you in the best possible position to avoid a hack.
Sure, this one sounds pretty obvious — and you’ve probably already heard it before, but what does it actually mean? For starters, use a combination of uppercase and lowercase letters, numbers and special characters, and make sure you’re using an entirely different password for every single account. A password manager is a great tool to help you simplify the process of generating, managing and securely storing complex passwords for your accounts.
It can be annoying to have to wait for a unique six-digit code to sent over text message each time you want to login to your account, but using Multi-Factor Authentication provides a critical second layer of security in the event that your password is compromised. It’s important to note that not all MFA is created equal. Cybercriminals can intercept some forms of MFA such as verification codes sent through email or text. Authenticator applications, biometrics and physical security keys are one of the most secure forms of MFA, especially when protecting against remote threats.
Spring-clean your online accounts and take some time to review and adjust privacy settings for each social media platform to ensure you’re not publicly sharing sensitive information, like your birthday, and that your posts are only visible to friends and followers. Some platforms also allow you to choose who can send you friend requests.
Phishing is a popular ploy when it comes to hackers. They’ll send a text message or email posing as a reputable company to tempt you into revealing personal information, such as passwords or credit card numbers. We’ve seen this take the form of HMRC refunds, DHL delivery texts, warnings from the Post Office about held letters, fraudulent Amazon charges, the list goes on...
Cybercriminals may try to phish you through social media messages or leverage the information from your profiles to send targeted attacks via email or text. Never click on any unsolicited link or attachment, whether it’s through text, email or social media.
Keep all of your applications and operating systems across laptops, tablets, smartphones, and more up to date to ensure you have the latest security patches and features. You should also regularly check for updates on all of your devices, so you're not missing a critical patch.