Notorious hacker Guccifer committed a cyber crime sure to bother loyal fans of the PBS period drama Downton Abbey: he hacked a screenwriter's email account, stole the script for the series finale, and published it online.
When he's not spoiling the endings for television shows, Guccifer specializes in hacking A-list celebrities and political figures. The Telegraph notes that he's successfully gained access to the emails of Bill Clinton, George W. Bush, Leonardo DiCaprio, and Steve Martin.
So how does a notorious email hacker gain access to such high profile accounts? Spoiler alert: it's easier than you’d think.
Social Media and Interconnectivity Give Hackers the Upper Hand
Social media and the growing amount of information people share and make available to the public create a dream scenario for hackers – and a cyber-risk nightmare for everyone else.
By Googling celebrities, reading Wikipedia pages, and studying celebrity profiles, anyone can cobble together details about a famous person’s life and family. And according to reports, that’s exactly what Guccifer did. He used this background knowledge to guess celebrity’s passwords and / or the answers to their security questions.
Common security questions like "What is your mother's maiden name?" or "What was your high school mascot?" can be figured out relatively easily by doing some simple detective work online.
Interconnectivity is another major security problem. If a hacker gains access to a your Gmail account, they can most likely also get access to all sorts of other accounts (including bank accounts).
Hackers might attempt to log into your bank, Facebook account, or other important online destinations. If their login attempts fail, they click the option to reset your password. You see where this is going: the reset link is sent to the email account they've already hacked.
Cyber Security Tips: Improve Account Security
Guccifer's hacks show how vulnerable individuals are to a hacker bent on cyber theft. If someone was really focused on breaking into your email or stealing your identity, what steps have you taken to prevent them?
Consider the how the following can affect your online security.
- Security questions. Security questions shouldn't have obvious answers. If the question is "who is your favorite super hero?" don't say "Superman." Treat your security questions as another password. Choose an answer that would be nearly impossible to guess.
- Two-step verification. Many accounts now allow you to opt for 2-step verification. You'll include your cellphone number and if you ever need to reset your account, you'll be texted a verification code.
- Account settings. A data miner was recently able to pull millions of personal phone numbers from Facebook accounts. Users had evidently forgotten, or been unaware, that this information would be listed publicly. Log out from LinkedIn, Google, Facebook, Twitter, and other websites and view your "public" profile to see what outsiders see.
- Sharing of personal data online. In general, be cautious of listing any personal information online. Whois.net lists the owners of domain names and often their physical addresses. Celebrities and web developers often unintentionally disclose their home addresses when they sign up for a URL. Ouch.
- Password and login variation. Once a hacker figures out one login / password combination, they'll have access to any account that uses it. Using unique logins and passwords mitigates this risk.
(For information about improving your software to make it more secure, check out "3 Ways to Upgrade Your Data Security for Free").
Guccifer is probably too busy hacking A-list celebrities to target small-business owners like you. But after looking at his techniques, you can see how incredibly easy it can be to hack into someone's account.
The vast amount of public data we disclose opens us up to more and more cyber risk every day. Fortunately, you can reduce your risk exposure by limiting what data is public and increasing your security standards.
To learn more about covering your cyber risk, read "Where is your Cyber Risk Insurance Hiding?" and check out our sample insurance quotes.
