Monday, June 11, 2012

Your password has been hacked, now what? Three ways to address your contacts.


Last Wednesday, LinkedIn reported that a number of users had their passwords compromised. Although not confirmed by LinkedIn, it’s estimated that about six million of its 161 million+ members fell victim to the security breach. If you’ve been following Talascend and me for a while, you’ll remember the piece about creating passwords using a cipher.

How would you handle being hacked?
But what do you do once the damage is done?

Some choose to ignore the problem, hoping it will go away. Even worse, infrequent users might not realize that anything has happened, and the resulting spam propagates to incredible levels. Some choose to get right out there and post on Facebook and Twitter, ‘Folks, my password has been compromised. I am not stranded in London. I am OK. Please do not respond to messages from me that ask for money, unless of course, I call you and speak with an outrageous accent or send a grammatically incomprehensible email.’

What’s the proper etiquette or social protocol to inform friends, family and colleagues that a hacker has infiltrated your personal online space? Here are three ways to address your network.

  1. Humor - ‘Two passwords walk into a bar.’ Even if you’re not exactly on the comedy A-List, a good way to break the ice with your network is to use a little bit of humor. Like the example above, be a little ridiculous. Give examples of old fraud emails. Talk to them about free iPads or winning a $1000 gift card to BestBuy. Then get serious. Tell them not to open anything that has a link in it and, if you must send them a link, remove the hyperlink and tell them to cut and paste it.

  2. The straightforward approach - If you’re the no-nonsense type, simply get to the point and be done with it. In the LinkedIn example, if your account was hacked, give them the facts, let them know you’re on top of it and tell them when the problem is likely to be resolved. Tell them how to find more information on the attack and how to create a better password.

  3. Infrequent users: Check or close your account - Social media accounts that are inactive or abandoned tend to be the most vulnerable to attack and the most dangerous, simply because their owners might not get a notification when a breach has occurred. Chances are that if you migrated, say, from MySpace to Facebook years ago, many of your friends have done the same, and many of them still have the same email address. They could be getting messages from you for anything from ‘cheap prescription drugs’ to ‘cut rate insurance’ without you knowing it. One of the best things you can do is rid yourself and the web of those inactive accounts.

If you’re connected to the Internet or any network, you are at risk. Sometimes, even the best passwords are compromised due to hacker ingenuity. It’s still important to choose a password that is not easily guessed. It was also reported that about 1.5 million eHarmony passwords were hacked and published the same day, and a significant number of those had ‘eharmony’ or ‘harmony’ as part, if not all, of the password.

Is there shame in being hacked? Is it a cause for personal and professional worry?

If you choose easily guessed passwords, you should probably feel a little angst if you get hacked. Your lack of concern could cause you and your network a host of problems. If you get bested by hackers even with a high-strength password, then fear not; quick action and honesty can help you save face. Even a perfect, random-character password won’t protect you when a site you are a member of is compromised, as in this case.

What do you think proper protocol should be?