Beware of password reuse attacks

Financial information may not be involved in this data breach but don’t let your guard down, it can still put your other accounts at risk. How? Email addresses, usernames and old passwords can still be used for a technique called “credential stuffing.”

Although the passwords were “salted” versions, depending on the strength of Houzz’s encryption system, there’s a possibility that the hackers will be able to decrypt the passwords.

Combined with other stolen information, someone can then feed these credentials to an automated program that will try them all out on various websites, hoping that people have reused their passwords on multiple services.

Even if you’ve reset your Houzz password, if you reused the same email and password combination on another service, it can also be compromised.

Aside from that, IP addresses and ZIP codes can be combined with other sensitive information from other data breaches (Social Security numbers from the Equifax breach, for example).

With this data, cybercriminals can round off complete individual profiles that can be then used for identity theft.

What now?

To protect yourself from the inevitable fallout of this data breach, here are some suggestions:

• 
  
  
  Download 69.65 Kb.
  
  Share with your friends: