A hacktivist group known as “GhostShell” released the details of over one million accounts in a project they’re calling “Hellfire.” According to a recent ZDNet article, the account information seems to be from a variety of organizations, including banks, government agencies, consulting firms and the U.S. Central Intelligence Agency.”Some of the hacked databases included over 30,000 records, although the actual figures were ‘hard to count and verify’,” the news source said. “While ‘a lot of the data’ does not appear to be sensitive, through CMS exploits GhostShell was able to steal a ‘very large portion’ of the files, which noticeably included credit history reports.”
The article said the hackers utilized a variety of methods to gather the data. Although SQL injection – which tricks the web server into sending restricted information – was the most common tactic, GhostShell was able to exploit weak passwords and insecure content management systems to gain access to financial records.
A recent PCWorld article pointed out that weak passwords remain one of the most common security vulnerabilities. Many of the hacked accounts used passwords such as “123456” or “law321.” PCWorld suggested that users adopt multi-device security solutions, including application control and antivirus, to protect against malware. And, of course, upgrade to stronger passwords.
“Again, though, you can’t control the security – or lack thereof – of the third-party entities you do business with online,” the article stated. “All you can do is choose to do business with sites and services that take security seriously – and use different passwords for each site so that a breach of one doesn’t become a breach of your entire online presence.”
Although a large number of accounts have been compromised, the hackers indicated there would be more attacks to come.
Do you use strong passwords or easy-to-remember ones? Do you have any other security measures in place to protect online banking or credit card accounts?