When a hacker manages to break into a system, you would expect him or her to be at least a little bit smarter than the owners of that system, who left the vulnerability there in the first place. Some hackers who stole thousands of Spotify passwords failed at this basic precept of digital security, leaving the material exposed in a database… without a password.
If you immediately thought of the image of “Hackerman” from the comedy Kung Fury, then at least half of our team is with you: according to CNET, the “genius” hackers who stole Spotify passwords did so thanks to a user error, precisely that of repeating passwords across multiple platforms.
Repeating passwords, a classic mistake

Hackers are using human error to steal Spotify passwords, but they are also making huge mistakes and exposing themselves to authorities (Image: r.classen/Shutterstock)
According to experts, this is one of the most basic human failings when it comes to digital security: If you use the same password on multiple platforms, you’re only as secure as your weakest platform. Hackers can steal your passwords – say, your Spotify password – and try to use them on multiple other sites. This can turn your digital life upside down, and in some cases, irreversibly.
But the hackers who stole Spotify users' passwords threw caution to the wind by storing the material in a cloud-based database with no password protecting it. Basically, anyone with internet access who found the address of the database could retrieve the stolen information, or worse, lock it with their own password and prevent the hackers from accessing what they themselves stole.
And that's exactly what researchers Ran Locar and Noam Rotem, who are part of an initiative that monitors the internet for unprotected databases, did. As a matter of process, they ask database owners to step up their security practices to prevent compromises, but here they locked the hackers out of the database and published their findings on the vpnMentor website.
How to protect your passwords from hackers
In digital security, there is an expression: “no system is unbreakable”. This is very true, since attackers and system protectors are always studying and improving their methods, like in a game of chess. Despite this, there is no reason for you to relax your own measures.
The simplest way to ensure your security is to use password management software, such as LastPass or 1Password. They require a master password to unlock the application and to authorize logins to your platforms. For each platform, the program suggests a long, strong password with several mixed characters, protecting your credentials; some even offer cross-platform support, extending from the desktop to mobile devices such as smartphones and tablets.
Another option is to use browsers that have similar features out of the box: Safari (Apple) and Firefox (Mozilla) are two examples of this. Finally, you can adjust your passwords "by hand" to make things harder for hackers. It is recommended to use a mix of special characters, upper and lower case letters and numbers, and especially to avoid simple or easily guessable words.
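To check your own accounts for the reuse problem described above, and against the character-mix advice, here is a small audit script (an added example, not part of the original article). The `site,username,password` CSV layout and the sample rows are constructed assumptions; real password-manager exports use their own column names.

```python
import csv
import io
import string
from collections import defaultdict

# Constructed sample; the "site,username,password" layout is an assumption,
# real password-manager exports use their own column names.
SAMPLE_EXPORT = """site,username,password
spotify.com,ana@example.com,Summer2020!
shop.example,ana@example.com,Summer2020!
bank.example,ana@example.com,k9#Vt!q2Lr@8zWp4
mail.example,ana@example.com,sunshine
"""

CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "special": string.punctuation,
}

def load_entries(text):
    """Parse the CSV export into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))

def reuse_groups(entries):
    """Return sorted lists of sites that share one identical password."""
    sites_by_password = defaultdict(set)
    for row in entries:
        sites_by_password[row["password"]].add(row["site"])
    return sorted(sorted(s) for s in sites_by_password.values() if len(s) > 1)

def missing_classes(password):
    """List the character classes (upper, lower, digit, special) a password lacks."""
    return [name for name, chars in CLASSES.items()
            if not any(c in chars for c in password)]

def audit(text):
    """Report reuse groups and, per site, the character classes its password lacks."""
    entries = load_entries(text)
    weak = {r["site"]: missing_classes(r["password"]) for r in entries
            if missing_classes(r["password"])}
    return {"reused": reuse_groups(entries), "weak": weak}

if __name__ == "__main__":
    report = audit(SAMPLE_EXPORT)
    for group in report["reused"]:
        print("same password on:", ", ".join(group))
    for site, missing in report["weak"].items():
        print(f"{site}: missing {', '.join(missing)}")
```

Every site listed in a reuse group should get its own unique password, starting with the most sensitive account in the group.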
Source: CNET