Sony was allegedly hacked again. Some of its users’ information are now allegedly published online. The group that hacked Sony said they leaked the following:
Sony Autotrader Users: DOB, Gender, Phone, Full Postal Address, Full Name, Password (to Sony), Email
Sony Beauty Users: Email, Password
Sony Delboca Users: Email, Password
Sony, on its part, has neither denied nor confirmed that the leak happened. IBTimes couldn’t independently verify if the hacking did happen. However, IBTimes did track down one leaked age-location-name combination that seemed genuine.
Assuming the leak was real, Robert Siciliano, McAfee consultant and identity theft expert, said the leak wasn’t exactly a jackpot for internet criminals because there were no credit card and social security numbers.
Still, there are damages and threats.
The number one danger is that these Sony users recycle their passwords, meaning they use the password they gave to Sony for everything else.
If so, hackers can access their email, from which they can retrieve many other passwords by using the “Forget Your Password?” function of many websites. They can also potentially access users’ account of Facebook, LinkedIn, banks, and many other online services. (So if you’re a user whose information was leaked and you recycle passwords, it’s a good idea to change your passwords now).
Siciliano said he personally has almost 700 passwords. He said it’s never a good idea to have the same password/username combination for anything.
Still, even if the users don’t recycle their passwords, they could still fall victim to social engineering. Siciliano gave the following hypothetical example:
Let’s say I find you’re a member of this equestrian club. So I go to that equestrian club and sign up for their newsletter. Then I take the template of that newsletter and I send you an email to request that you ‘update’ your credit number.
The point is that the more information scam artists have, the more creative ways they have of tricking information from people.
And then there is spamming. Spammers are always looking (scraping) for valid contact information, so the email addresses, postal addresses, and even the phone numbers leaked could be added to the contact lists of numerous spammers.
Siciliano said Internet users are ultimately responsible for their own personal identity and security. He recommends everyone to take the following precautionary steps:
- Get anti-virus software and update it regularly
- Don’t repeat username/password combinations
- Consider investing in identity theft protection services
“You should consider your data is already breached. There have been half a billion data records breached over the last few years. It’s only a matter of time before your data is compromised. You want to do things here and now to protect yourself,” said Siciliano.