
Gmail and Facebook Users Advised to Secure Their Accounts Immediately

 



In a recent report by Action Fraud, it has been disclosed that millions of Gmail and Facebook users are at risk of cyberattacks, with Brits losing a staggering £1.3 million to hackers. The data reveals that a concerning 22,530 individuals fell victim to account breaches in the past year alone.

According to Pauline Smith, Head of Action Fraud, the ubiquity of social media and email accounts makes everyone susceptible to fraudulent activities and cyberattacks. As technology advances, detecting fraud becomes increasingly challenging, emphasising the critical need for enhanced security measures.

The report highlights three primary methods exploited by hackers to compromise accounts: on-platform chain hacking, leaked passwords, and phishing. On-platform chain hacking involves cybercriminals seizing control of one account to infiltrate others. Additionally, leaked passwords from data breaches pose a significant threat to account security.

To safeguard against such threats, Action Fraud recommends adopting robust security practices. Firstly, users are advised to create strong and unique passwords for each of their email and social media accounts. One effective method suggested is combining three random words that hold personal significance, balancing memorability with security.

Moreover, implementing 2-Step Verification (2SV) adds an extra layer of protection to accounts. With 2SV, users are prompted to provide additional verification, such as a code sent to their phone, when logging in from a new device or making significant changes to account settings. This additional step fortifies account security, mitigating the risk of unauthorised access even if passwords are compromised.

Recognizing the signs of phishing scams is also crucial in preventing account breaches. Users should remain vigilant for indicators such as spelling errors, urgent requests for information, and suspicious inquiries. By staying informed and cautious, individuals can reduce their vulnerability to cyber threats.

In response to the escalating concerns, tech giants like Google have implemented measures to enhance password security. Features such as password security alerts notify users of compromised, weak, or reused passwords, empowering them to take proactive steps to safeguard their accounts.

The prevalence of online account breaches demands that users stay on their toes when it comes to online security. By adopting best practices such as creating strong passwords, enabling 2-Step Verification, and recognizing phishing attempts, users can safeguard their personal information and financial assets from malicious actors.



What are 'Credential Stuffing' Attacks and 2-Step Verification?

In the Light of 23andMe Security Incident

The recent security breach at 23andMe, which impacted around 14,000 customer accounts, underscored the use of a tactic known as "credential stuffing," where unauthorized access is gained by exploiting known passwords, potentially sourced from previous data breaches.

As per a new filing, the information, which typically encompassed details about ancestry and, in some cases, health-related data derived from users' genetics, was acquired through a credential-stuffing attack. In this type of cyber attack, hackers leveraged login details obtained from previously breached websites to gain unauthorized access to users' accounts on various platforms. 

The threat actor not only breached individual accounts but also accessed numerous files containing profile information about other users' ancestry. These files were originally shared by users who opted in to 23andMe's DNA Relatives feature, and the compromised information was subsequently posted online by the attackers. 

Let's Understand 'Credential Stuffing' 

Credential stuffing is a cyber attack method in which attackers use automated tools to systematically and rapidly input large volumes of username and password combinations (credentials) into online login forms. These credentials are typically obtained from previous data breaches or leaks on other websites or services. 

The attack relies on the fact that many people reuse the same username and password across multiple online platforms. When attackers acquire a list of compromised credentials, they use automated tools to "stuff" or try these credentials on various websites, hoping to gain unauthorized access to user accounts. The success of credential stuffing attacks depends on the prevalence of password reuse among users. 

To protect against such attacks, it is crucial for individuals to use unique passwords for different online accounts and for organizations to implement security measures such as multi-factor authentication (MFA) to add an extra layer of protection.
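On the organization's side, the pattern described above (many different accounts tried from one source, almost all failing) is visible in login logs. The following is an added example, not code from the original post or from any company named in it; the log format, thresholds and function name are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Constructed sample log (timestamp, source IP, username, result); all values made up.
SAMPLE_LOG = """\
2024-01-10T09:00:01Z 203.0.113.7 alice@example.com FAIL
2024-01-10T09:00:01Z 203.0.113.7 bob@example.com FAIL
2024-01-10T09:00:02Z 203.0.113.7 carol@example.com FAIL
2024-01-10T09:00:02Z 203.0.113.7 dave@example.com OK
2024-01-10T09:00:03Z 203.0.113.7 erin@example.com FAIL
2024-01-10T09:00:03Z 203.0.113.7 frank@example.com FAIL
2024-01-10T09:01:10Z 198.51.100.20 bob@example.com FAIL
2024-01-10T09:01:12Z 198.51.100.20 bob@example.com FAIL
2024-01-10T09:01:14Z 198.51.100.20 bob@example.com FAIL
2024-01-10T09:01:16Z 198.51.100.20 bob@example.com FAIL
2024-01-10T09:05:00Z 192.0.2.44 alice@example.com FAIL
2024-01-10T09:05:20Z 192.0.2.44 alice@example.com OK
"""

def analyse(log, min_users=5, min_fail_ratio=0.8, guess_fails=4):
    """Label each source IP by the shape of its login attempts."""
    stats = defaultdict(lambda: {"users": set(), "ok": set(), "fails": 0, "total": 0})
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _, ip, user, result = parts
        s = stats[ip]
        s["users"].add(user)
        s["total"] += 1
        if result == "OK":
            s["ok"].add(user)
        else:
            s["fails"] += 1
    report = {}
    for ip, s in stats.items():
        if len(s["users"]) >= min_users and s["fails"] / s["total"] >= min_fail_ratio:
            label = "credential-stuffing"   # many accounts, mostly failures
        elif len(s["users"]) == 1 and s["fails"] >= guess_fails:
            label = "password-guessing"     # one account, repeated failures
        else:
            label = "normal"
        # A success from a stuffing source means a reused password worked.
        reset = sorted(s["ok"]) if label == "credential-stuffing" else []
        report[ip] = {"label": label, "accounts_to_reset": reset}
    return report

if __name__ == "__main__":
    for ip, verdict in analyse(SAMPLE_LOG).items():
        print(ip, verdict)
```

The single successful login from the flagged source is the account that needs a forced password reset; a user who mistypes once and then signs in is left alone.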

23andMe Holding Co., headquartered in South San Francisco, California, is a prominent player in the field of personal genomics and biotechnology. Renowned for its direct-to-consumer genetic testing service, the company invites customers to submit a saliva sample for laboratory analysis. Through single nucleotide polymorphism genotyping, the genetic data is deciphered to produce comprehensive reports on the customer's ancestry and predispositions to health-related conditions. 

This innovative approach has positioned 23andMe as a key player in the dynamic landscape of genetic testing, offering individuals valuable insights into their genetic makeup. Also, the company mentioned that when the hackers got into those accounts, they could see a lot of files with information about other users' family backgrounds. These were the users who decided to share details through 23andMe's DNA Relatives feature. However, the company did not say exactly how many of these files there were or how many "other users" were impacted.

Following the breach, 23andMe took swift action by advising users to reset their passwords. Additionally, the company strongly recommended the adoption of multi-factor authentication as a vital measure to boost security. By November 6, 23andMe escalated its security measures, making it mandatory for all users to enable two-step verification, providing an extra layer of defense for user accounts. 

What is 2-Step Verification and How Does it Prevent Credential Stuffing Attacks? 

Two-step verification (2SV) is an authentication method that adds an extra layer of security to the login process. Users must provide a second form of verification, such as a temporary code sent to their phone, in addition to the usual password. 

This additional step significantly reduces the risk of credential-stuffing attacks. Even if attackers acquire login credentials from one source, they would still need the second verification factor to access the account. 2SV serves as a crucial deterrent, enhancing overall security and making it more challenging for unauthorized access through automated credential-stuffing techniques.
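Why a stolen password alone stops working once 2SV is on, shown as an added example that is not code from the original post or from any service it names. It assumes the second factor is an app-generated time-based code (TOTP, RFC 6238) rather than a code sent by text message; the account store, salt, password and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, at: float, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 time-based one-time code (HMAC-SHA1 variant)."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

SALT = b"constructed-salt"                        # constructed value

def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed account store: password hash plus a per-user TOTP secret.
USERS = {
    "alice@example.com": {
        "pw": _hash("correct horse battery"),
        "secret": b"12345678901234567890",
    }
}

def login(user: str, password: str, code, now: float) -> str:
    rec = USERS.get(user)
    if rec is None or not hmac.compare_digest(rec["pw"], _hash(password)):
        return "denied: bad credentials"
    if code is None:
        # Where credential stuffing ends: the password matched, but the
        # attacker's breach list contains no second factor.
        return "denied: second factor required"
    # Accept the adjacent time steps to tolerate clock drift.
    for drift in (-1, 0, 1):
        expected = totp(rec["secret"], now + drift * 30)
        if hmac.compare_digest(code.encode(), expected.encode()):
            return "ok"
    return "denied: bad code"

if __name__ == "__main__":
    now = 59.0
    print(login("alice@example.com", "correct horse battery", None, now))
    print(login("alice@example.com", "correct horse battery",
                totp(b"12345678901234567890", now), now))
```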