Protect Your Login Information from the Top Hacked Sites

November 26, 2019 | Security Tips

If you thought only your bank accounts were a target for hackers, think again. London-based cybersecurity company DynaRisk published a list of the top 20 sites where accounts are most often targeted and sold in hacker communities. Some of the names on the top 20 were popular sites like Netflix, Spotify, Amazon and more.  

Why are these sites such popular targets? Due to demand, hackers can resell valid credentials to buyers who want to pay a fraction of the retail price.  

Even though many of these brands have proactive measures in place to secure your data and protect against breaches, it’s important that you as a consumer also do your part to keep your accounts safe.

Here are some tips to avoid being the next victim: 

  1. Always use unique passwords. No two accounts should share the same password. Always create a unique password for every account – preferably one that’s randomly generated with a password generator. A password manager like LastPass not only has a built-in password generator to do that for you, it also stores and organizes all passwords, so you don’t have to remember them. 
  2. Don’t give out passwords. No reputable company is going to reach out to you asking for your password or other sensitive information. Any urgent request to fix a security issue on your computer is a scam. Be wary of anyone contacting you without you initiating it. When in doubt, say no and do more research. 
  3. Strategically update passwords. No, you don’t have to update every password every 30 days. There are, however, a few key times when you should update a password:
     • If the website has reported a security issue AND they’ve fixed the security issue.
     • If you have shared a credential with someone, and then they no longer need access.
     • If it’s been a year or more since you last updated the password.
     • If you used the same password on another account.
  4. Use 2FA when possible. Two-factor authentication adds extra protection by requiring you to provide more information (“factors”) when logging in. Apps like LastPass Authenticator and Google Authenticator can easily be downloaded to your phone and work with most sites that support 2FA. Websites may also offer text-based codes. Check out the security settings of your accounts to see what’s available and take advantage. 
  5. Be mindful of what you’re downloading. Extensions can be malicious. Yes, even if they’re approved for the Chrome store. Again, when in doubt, defer and do more research. Malicious extensions can steal credentials and other information from your browser, so it’s best to proceed with caution. Regularly review your extensions, and uninstall those you no longer use or don’t remember installing. 
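
The password-update triggers from tip 3, together with the reuse rule from tip 1, can be checked mechanically against a list of accounts. The following is an added example, not code from the article or from any password manager; the entry fields (`breach_reported`, `breach_fixed`, `access_revoked`, `last_changed`) and the sample vault are assumptions constructed for illustration.

```python
# Added example: flags vault entries that meet the article's four update triggers.
# Field names and the sample vault are constructed for illustration.
import hashlib
import hmac
import secrets
from collections import defaultdict
from datetime import date

MAX_AGE_DAYS = 365  # "a year or more since you last updated the password"

def rotation_reasons(entries, today):
    """Return {site: [reasons]} for every entry that should get a new password."""
    key = secrets.token_bytes(32)  # per-run key so the reuse index never holds plaintext
    by_digest = defaultdict(list)
    for e in entries:
        digest = hmac.new(key, e["password"].encode(), hashlib.sha256).digest()
        by_digest[digest].append(e["site"])

    flagged = defaultdict(list)
    for sites in by_digest.values():
        if len(sites) > 1:  # same password on more than one account
            for site in sites:
                others = ", ".join(s for s in sites if s != site)
                flagged[site].append(f"password reused on {others}")
    for e in entries:
        # Changing the password before the site has fixed the issue does not help.
        if e.get("breach_reported") and e.get("breach_fixed"):
            flagged[e["site"]].append("site reported a security issue and has fixed it")
        if e.get("access_revoked"):
            flagged[e["site"]].append("shared with someone who no longer needs access")
        if (today - e["last_changed"]).days >= MAX_AGE_DAYS:
            flagged[e["site"]].append("a year or more since last change")
    return dict(flagged)

# Constructed sample vault (not real credentials).
SAMPLE_VAULT = [
    {"site": "video.example", "password": "Tr0ub4dor&3", "last_changed": date(2019, 9, 1)},
    {"site": "music.example", "password": "Tr0ub4dor&3", "last_changed": date(2019, 10, 5)},
    {"site": "shop.example", "password": "x9!Lq2#vB7pK", "last_changed": date(2018, 3, 14)},
    {"site": "mail.example", "password": "m4Z$e8@tY1wQ", "last_changed": date(2019, 6, 2),
     "breach_reported": True, "breach_fixed": False},
    {"site": "wifi.example", "password": "Gh7^pR3!sD0n", "last_changed": date(2019, 8, 20),
     "access_revoked": True},
]

if __name__ == "__main__":
    for site, reasons in rotation_reasons(SAMPLE_VAULT, date(2019, 11, 26)).items():
        print(f"{site}: {'; '.join(reasons)}")
```

In the sample, `mail.example` is not flagged: the site has reported an issue but not yet fixed it, so per the article's rule the update waits until the fix is in place.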

You should feel comfortable using all your favorite sites, but it’s no surprise that popular sites and apps are likely targets for hacking. Thankfully, you can take these small measures to protect yourself.

One Comment

  • JayG says:

    This is a very useful overview, but I do question the advice offered: “If it’s been a year or more since you last updated the password.” As someone who works in security, I’d ask where’s the data that shows that has meaningful impact on your security? Perhaps if it was a weak password to begin with, yes, but even the latest guidance from NIST (https://pages.nist.gov/800-63-3/sp800-63b.html#memsecretver) states:

    “Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.”