26 Apr How it really happened : NINJIO Season 1, Episode 5, Turbine Twist
As we saw in the Turbine Twist Episode, Steve, the “not so smart CSO” (Chief Security Officer) used his same username and password to activate his daughter’s toy account as he uses at work. Hackers were able to breach the toy account, and then use those credentials to log into Steve’s work, and get access to all sorts of IP (Intellectual Property). This gives the hackers the ability to beat Steve’s company to market with a new wind turbine technology, costing Steve’s company millions. One thing we didn’t mention in this episode, is that it likely gave the hackers the ability to break into Steve’s bank accounts as well. As hard as it is to use a different password on each different site, it is imperative from a security standpoint. Website frequently are hacked, and their credentials database is compromised. Using a password management tool, if your company allows for that, is many times a great idea.
How it Really Happened:
Phishing corporate passwords is one of the biggest costs to corporations. All it takes is one high-level user account breach for hackers to gain access to a network. This article covers how Chinese hackers gain access to intellectual property when high-level employees use passwords across multiple accounts.
A security breach at a major toy company, VTech, exposed personal information including parent passwords. These passwords can then be used to access corporate accounts if they are the same. This article explains the VTech data breach and the information exposed to hackers.
Most users use the same password across multiple sites to make it convenient to remember them. This article explains the dangers and how you can choose a better password for your accounts.
Telesign discusses the dangers of using the same password across multiple sites. It causes a domino effect where hackers then have access to numerous other accounts as they log in to different common user profiles.
CNET put together a guide on password security, how and why your password can be compromised, and what makes a good password. It also covers 2-step verification, which helps defend against attacks where a hacker gains access to your email passwords.