Stratfor Hack: Researchers show that even experts use weak passwords, but what makes a strong password?

Posted on Friday 6th January, 2012 by

We have mentioned many times in our blogs the importance of using secure, strong and unique passwords for each of your accounts. However, it has recently come to light that even security experts use weak passwords.

‘Hacktivist’ group, Anonymous, carried out a massive attack on the global security consulting firm Stratfor on the 24th December 2011. This attack demonstrates that even high-level executives working for the largest enterprises do not understand the importance of a strong password.

Anonymous announced that it had hacked into the Austin, Texas branch of Stratfor and stolen hundreds of thousands of private email addresses, passwords and credit card details of the company’s clients and recipients of their newsletter, as well as many phone numbers.

Identity Finder reported that just five days after this announcement, Anonymous published a list of (approximately):

• 859,311 email addresses;
• 860,160 hashed passwords;
• 68,063 credit cards;
• and 50,569 phone numbers.

What is most shocking is that the researchers studying the passwords exposed by this attack state that many of the passwords were “simple and easy to decode”.

With some of the passwords belonging to employees of organisations such as the Bank of America, JP Morgan Chase, IBM and Microsoft, as well as U.S. intelligence, law enforcement and military officials, it is very worrying that they were so weak and easy to crack.

It has even been reported that passwords such as: “123456”, “11111111”, “123123”, “111222333444”, “12345678901”, “administration”, “123456789abc”, “12345stratfor”, “hello123”, “lawenforcement” and “intelligence” were being used by Stratfor’s clients to protect their sensitive accounts.

MSC would like to briefly remind our readers how to create a secure password:

• Use a mix of upper and lower case letters, numbers and punctuation;
• Do not use a dictionary word;
• Do not use easy-to-guess passwords such as pet’s names, mother’s maiden name, the name of your street etc.;
• Do not use fewer than 8 characters;
• Never use the same password for more than one account.
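
The five rules above can be applied mechanically, which is how a sign-up form or password manager would reject the passwords reported in this incident. The following is an added example, not code from MSC or Stratfor: the rule labels, the `check_password` function and the small word list are assumptions made for the illustration, and the dictionary check goes slightly beyond the list by also catching words joined together or padded with digits.

```python
import re
import string

# Constructed mini word list for this demo; a real check would load a full
# dictionary or a list of known-breached passwords.
SAMPLE_WORDS = {"administration", "hello", "law", "enforcement", "intelligence"}

def splits_into_words(text, words):
    """True if text is a listed word or a concatenation of listed words."""
    if not text:
        return False
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(reachable[start] and text[start:end] in words
                             for start in range(end))
    return reachable[-1]

def check_password(password, personal=(), in_use=(), words=SAMPLE_WORDS):
    """Return which of the article's five rules the password breaks."""
    broken = []
    lowered = password.lower()
    classes = (any(c.islower() for c in password),
               any(c.isupper() for c in password),
               any(c.isdigit() for c in password),
               any(c in string.punctuation for c in password))
    if not all(classes):
        broken.append("mix")          # upper, lower, numbers, punctuation
    # Strip digits and symbols first so "hello123" is still caught as "hello".
    if splits_into_words(re.sub(r"[^a-z]", "", lowered), words):
        broken.append("dictionary")
    if any(p and p.lower() in lowered for p in personal):
        broken.append("guessable")    # pet, street, employer or site name ...
    if len(password) < 8:
        broken.append("length")
    if password in in_use:
        broken.append("reuse")        # already protects another account
    return broken

if __name__ == "__main__":
    # Passwords quoted in the article; "stratfor" is passed as a guessable term.
    reported = ["123456", "11111111", "123123", "111222333444", "12345678901",
                "administration", "123456789abc", "12345stratfor", "hello123",
                "lawenforcement", "intelligence"]
    for pw in reported:
        print(f"{pw:16} {check_password(pw, personal=['stratfor'])}")
```

Every password quoted in the article breaks at least one rule; an empty list only means none of these five rules was broken.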

If you are interested in identity protection issues, read MSC’s October newsletter where we discuss the topic of identity fraud prevention.
