Hacked and leaked databases, it was quite the headline filler in 2016. LinkedIn, NSA, MySpace, Twitter, the list goes on. But what is the outcome of these breaches other than someone tweeting something from Mark Zuckerberg's twitter account? A lot! At least, when you have your email account compromised.
I was one of these lucky people to have one of my email addresses compromised. Luckily for me I use separate email accounts for different end goals, so there was no real harm done. But the real eye opener was the single point of failure of your email address appears to be. Which marks the topic for this post.
So back in ~2010, when I was both young and foolish(now I am only foolish) I played Neopets. And in 2012 they had their database leaking in clear text. This database contains usernames, passwords, email addresses, fist-names and birth-dates. Recently I came across a copy of this database, and I grew curious. It turns out I had 2 Neopets accounts. One with an email I still use for spammy sites, and one I didn't remember!
The email I had forgotten, yes you guessed it, used the same password as my Neopets login. Others had figured this out as well, this much was clear. All my contacts were spammed with links to make "quick $$$$$$!!!!!" But the real security hole presented itself upon me recovering all accounts on the email. And by that I mean both the ones I made and the ones other(s) made.
The recovery was as simple as pressing the "I forgot my password" button. There was an Origin account someone made, Facebook, Twitter, some game hack sites and a few dating sites. I recovered them all. The most baffling moment was when I tried to recover the Neopets account. Upon recovering it asked my birth-date I had used upon registering; I was rather amused because the database leak contained birth-dates of all the accounts at the time.
A few sites that made it easy to change.
The accounts that the invader(s) made were used to play games on origin and to try to get a romantic life it seems. But also unused for quite some time. I haven't really got anything to show for it, but I locked the email account down.
The lesson I learned here is that email account security is not to be taken lightly, because it is really the single point of failure.
Congratulations @chessmasterhex! You have completed some achievement on Steemit and have been rewarded with new badge(s) :
Award for the number of comments received
Click on any badge to view your own Board of Honnor on SteemitBoard.
For more information about SteemitBoard, click here
If you no longer want to receive notifications, reply to this comment with the word
STOP
If you want to support the SteemitBoard project, your upvote for this notification is welcome!
Good post. I played Neopets ages ago and I looked to see if my data or whatever I remember of it was compromised, luckily it wasn't a part of the leak.
The internet and companies have evolved so much as we now know the harm of plaintext passwords, using universal passwords, and importance of two factor authentication. Password complexity is also something that is required nowadays unlike before when "password" and "123456" were perfectly acceptable. We're making progress!
i have heard more of these stories in recent times lol...as a matter of fact heard some tech geeks on https://venomthreads.com are the best when it terms gaining, revoking and recovering access into a database and with a certification to show for it. i also have the believe too that it's only people with profound tech knowledge that can pull off stuffs like database hacks.