Google has issued an urgent warning to some Aussie users after discovering eight weak spots that could be used to steal data and money.
Millions of Facebook and Google users warned to make urgent change after ‘worrying’ find
Cyber security experts have warned you could be making a simple yet costly mistake. Here’s how to spot it - and fix it.
Hundreds of thousands of people are continuing to use the same weak security passwords worldwide despite countless warnings to change them, cyber security experts discovered.
Cybernews’s research team looked at 56 million breached and leaked passwords in 2022 and found an alarmingly high number of people are still using easy-to-guess passwords, keyboard sequences, cities and animals for sites such as Google and Facebook.
Worryingly, only one per cent of the passwords investigated met the recommended requirements of both upper- and lower-case characters, numbers and special symbols.
Researchers found the classic “123456” was used as a password in 111,417 cases. Other popular choices included “password”, “12345”, “usr” and “qwerty”.
Many people working in IT were also warned about using passwords that are too easy for attackers to guess.
Default passwords used by workers with system access privileges included 16,981 cases of “admin”.
How To Know If Your Password Is Safe
Experts say a strong password needs to have an uncommon word combined with a variety of cases and characters to increase its entropy, or difficulty to hack.
“Complexity equals entropy, or how much information is stored in a given password,” Cybernews research team leader Mantas Sasnauskas told the publication.
“More entropy means the data is more chaotic, and chaos is good – that’s why it’s important to have randomly generated passwords, because they contain a lot of entropy and are more resistant to brute-force attacks.”
Sasnauskas said a complex password is less likely to be hacked and used to compromise other accounts.
“Due to many services being interconnected, even one leaked password could lead to many accesses, potential damages, and time-consuming recoveries.”
Google’s Tips For Protecting Your Password Include:
Make your password unique - use a different choice for each important account.
Make your password longer and more memorable - longer is stronger, so make it at least 12 characters long. Try a lyric from a song or passage from a book.
Avoid personal information and common words - do not use details others might know or could easily find out such as nicknames or important birthdays.
Manage your passwords with a tool.
Hide written passwords.
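The checks described above (common-password list, the 12-character minimum, the four character classes and entropy), sketched in Python as an added example that is not part of the original article or of Cybernews's research. The blocklist is a constructed sample holding only the five passwords the article names, and the entropy figure is an upper bound that assumes every character was chosen at random.

```python
import math
import secrets
import string

# Constructed sample blocklist: only the five passwords the article names.
COMMON = {"123456", "password", "12345", "usr", "qwerty"}

# The four character classes the article lists (space counted as a symbol).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation + " ",
}

def classes_used(pw):
    """Names of the character classes that appear in pw."""
    return {n for n, chars in CLASSES.items() if any(c in chars for c in pw)}

def entropy_upper_bound(pw):
    """Bits of entropy IF each character were drawn uniformly at random
    from the classes present. Human-chosen passwords sit far below this,
    which is why the blocklist check in assess() runs as well."""
    pool = sum(len(CLASSES[n]) for n in classes_used(pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def assess(pw, min_len=12):
    """Return the list of failed checks; an empty list means all passed."""
    findings = []
    if pw.lower() in COMMON:
        findings.append("common")    # on the most-used list
    if len(pw) < min_len:
        findings.append("short")     # under the 12-character minimum
    if len(classes_used(pw)) < 4:
        findings.append("classes")   # missing upper/lower/digit/symbol
    return findings

def generate(length=16):
    """Randomly generated password (OS CSPRNG) that passes every check."""
    alphabet = "".join(CLASSES.values())
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not assess(pw):
            return pw

if __name__ == "__main__":
    for pw in ("123456", "admin", generate()):
        print(repr(pw), round(entropy_upper_bound(pw), 1), assess(pw))
```

“123456” scores about 20 bits on composition alone but fails the blocklist check outright, while a 16-character random password comes out at roughly 105 bits.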
What To Do If Your Data Is Compromised In A Company Hack?
By Savannah Meacham • Associate Producer
Millions of Australians have had their data compromised in recent major cyber attacks and while the crime may be committed virtually, it can have very real consequences for victims.
Optus, Medibank and Latitude Financial Services are among the major companies recently targeted in high-profile cyber attacks, and the private customer data stolen in those breaches could now be in the hands of hackers, scammers or those seeking to commit identity fraud.
We spoke to a cybersecurity expert to find out what you need to know in case your data has been exposed, from licence and passport numbers to sensitive health details and email addresses.
What Details Can Be Exposed In A Major Company Hack?
It all comes down to what data the company has of yours.
Richard Buckland, Professor of CyberCrime at UNSW, said the government needs to act to protect Australians by limiting what companies can hold.
But at this stage, sensitive information held can be as simple as names, dates of birth, addresses or phone numbers.
This can escalate to be as invasive as bank details, credit card information, transaction histories, rental histories and even deeply personal health data, as seen in the Medibank breach.
In the case of Medibank, a trove of medical history was held for ransom and ultimately some was posted online, causing deep anguish for those involved.
On the other end of the spectrum, Buckland said the extremely concerning Latitude breach could put victims at serious financial risk.
"The data they hold on to is the data they use to identify us before a financial transaction," he told 9news.com.au.
"If the bad guy gets it then the bad guy can go and do financial transactions."
The data includes all the information required to take out a loan or a credit card, which can be done online.
He warned driver's licence information isn't just restricted to the number now that companies ask people to submit photographs of their cards, which also show a picture, name, address and date of birth.
What Should I Do If My Data Is Breached In A Cyber Attack?
If your driver's licence or passport numbers are exposed in a major breach, you should contact the company to have these identification documents replaced.
Buckland said this should be done as quickly as possible.
Optus covered the cost of passport replacements while state and territory governments gave impacted customers free driver's licence replacements.
Similarly, Latitude has offered to cover the costs of replacements.
If the fallout is in its early stages, you can replace both documents at your own cost and they will have different identification numbers.
It is best to contact your state or territory's transport department for help with licences.
You can grab a form from Australia Post or go through the passport replacement portal to get a new official travel document, which costs about $193.
Obviously, you can't change your date of birth, and you'd have to move to change your home address.
Be aware that if you replace your Medicare card, it will have the same number on it.
If you've been compromised, Buckland also recommended checking your credit history through one of Australia's three credit bodies.
This is where you will be able to detect if a criminal has tried to take out a loan in your name.
It might not stop you from being hacked but it will let you know earlier, Buckland said.
"If a criminal goes to another bank you have no relation with, that bank will contact one of these people to let them know," he said.
To protect yourself from large amounts of money being taken, Buckland advised keeping bank accounts separate, with only a small amount in an everyday account that's shared with companies.
"The idea being if someone gets in they can't get everything," he said.
The same can be done with a credit card by having one with a low limit and another for bigger amounts.
Brace For Future Scams As Cunning Thieves Seize On Breaches
Every seven minutes there is a report of a cyber attack in Australia. In reality, that's only what has been reported and many go undetected.
More than 76,000 cybercrime reports were logged in the latest annual government report, up 13 per cent from last year.
You might think the criminals responsible for these big hacks are the biggest danger to you but they aren't.
The cybersecurity expert warned it's actually the "opportunist scammers worldwide that will seize this as a pretext for tricking people".
So What Does That Look Like?
Well, in the case of Latitude, it could be receiving a letter, call, text or so forth from someone pretending to be JB Hi-Fi or Harvey Norman - some of the company's clients - asking about the scam and offering support.
However, these are scammers who can obtain your details and go on to commit their own scams.
"It will be a wave of scams going on now," Buckland warned.
He advised people to be suspicious of anyone who contacts them and not to reveal any information or transfer money.
Here Are Some Examples To Be Careful Of
Be wary of messages that know your name, birthdate, address or other personal information. If you receive an email or message like this, never click the link within it.
"Do nothing. No matter how convincing a phone call, email or letter, don't trust it," he said.
Remember, people can also be vulnerable to wider hacks if their passwords are easily guessed from their personal information.
Keep an eye on your online accounts, from social media to banking, and check for unusual activity.
How To Avoid Being A Victim Of A Major Company Cyberattack?
This is a tough one as the data has been exposed through the company.
This is where Buckland said the government needs to act.
Privacy and data policies could be ramped up so companies are forced to look after the data they hold properly.
However, some laws require companies to hold on to data for a period of time, which Buckland said gives businesses an "excuse for hoarding data".
"We need laws stopping companies from keeping data, laws stopping companies from demanding data and laws stopping companies from storing data," he said.
Sadly for customers, there isn't a lot you can do when a company is hacked.
His top tip in a perfect world would be not to give your details to anyone and avoid keeping all your money in one place. But we don't live in a perfect world.
"The best thing you can do is be obnoxious and not hand out data but that's difficult," he said.
"These are hard things for people to do. It's unfair that consumers take on and wear all the risk."
Another option as a fail-safe is to ensure two-factor authentication is used for all your logins.
This can ensure stronger protections against a hacker getting into your accounts like online banking, PayPal or emails.
The government is trying to crack down on businesses that fail to protect customers from a major data breach.
Big companies could be slapped with up to $50 million in fines if they are hit by serious data breaches.
Penalties can be even larger depending on company turnover and the estimated value of the stolen data.
Reported losses from cybercrime in the 2021-22 financial year were $39,555 for small businesses, $88,407 for medium businesses and $62,233 for large businesses.
But self-reported losses amounted to $98 million in this period.
I HAVE ADDED ANOTHER POST WITH SOME POSITIVE SOLUTIONS FOR YOU, AS I HAVE BEEN RESEARCHING PRIVATE BROWSERS and SEARCH ENGINES FOR SOME TIME, YOU CAN USE INSTEAD OF GOOGLE CHROME and GOOGLE on FIREFOX. WATCH FOR IT.