Phuket Live Wire – reusing passwords is an expensive bad habit

Legacy Phuket Gazette

PHUKET: Here’s a question I see with alarming frequency:

Woody, somebody just broke into my Hotmail account. The creep sent messages out to everybody in my Hotmail address book, saying I was in the hospital and needed money sent to me (by Western Union) immediately. What can I do about it?

You’ve been hacked, and there’s precious little that can be done. Let me get to that part in a second. First, I want to talk about how you got hacked in the first place – and dole out some advice to people in Phuket that can keep creeps from getting into their Hotmail (or Facebook, Twitter, PayPal or bank) accounts.

There are hundreds of ways bad guys can get your password. You already know about many of them – writing down your password on a sticky note and putting it on your laptop, for example. Telling your password to your spouse or best friend, who loaned it to someone who really needed it, like, right now.

Using a patently obvious password doesn’t help – if your name is Yingluck Shinawatra or Barack Obama, and your password is yingluck or President, well, you gotta expect somebody’s going to figure it out. (Both Yingluck and Barack have had their Twitter accounts hacked, probably because they used simple passwords.)

Using one of a bunch of very common passwords is similarly very dumb. As explained in an InfoWorld article, the 25 most common passwords stick out like a sore thumb: password, 123456, 12345678, qwerty, abc123, monkey, 1234567, letmein, trustno1, dragon, baseball, 111111, iloveyou, master, sunshine, ashley, bailey, passw0rd, shadow, 123123, 654321, superman, qazwsx, michael, football. Use any of those and any pimply teenager in Kazbukistan with ten minutes to kill can break into your account.

There’s a worse form of password abuse, though, and it can cost you a lot of money. You need to be very, very careful to keep from re-using your email password. Consider this worst-case scenario, which we saw unfold here in Thailand a couple of months ago.

Let’s say my Gmail address is woodyleonhard@gmail.com (it is) and my Gmail password is gotcha (it isn’t). Like you, I log on to dozens of web sites every day. I signed up for an account at a newspaper site (not this one), so I can post comments in their forums and get email updates on the news.

Let’s call this newspaper site ThaiDailyPlanet.com. The site asks me to provide my email address, and a password. I give them my email address, woody-leonhard@gmail.com. I’m lazy (I am), so instead of using a different password, I just re-use my Gmail password, gotcha.

ThaiDailyPlanet.com’s webmasters may be good at many things – their jobs depend on keeping the news posted and updated, and looking good – but they aren’t security experts. The system that stores people’s email addresses and passwords is protected very well, using the latest SQLServer technology, but the admins don’t bother to encrypt user IDs and passwords before storing them. That means my user ID and password are sitting on a disk somewhere on ThaiDailyPlanet’s server, and they’re just plain text.
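For contrast with the plain-text storage described above, here is an added sketch (not part of the original column, and not any real site's code) of a signup routine that rejects the 25 common passwords listed earlier and stores only a salted scrypt hash. The function names, the `db` dictionary standing in for the user table, and the scrypt cost values are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# The 25 common passwords quoted earlier in the article.
COMMON_PASSWORDS = frozenset(
    "password 123456 12345678 qwerty abc123 monkey 1234567 letmein trustno1 "
    "dragon baseball 111111 iloveyou master sunshine ashley bailey passw0rd "
    "shadow 123123 654321 superman qazwsx michael football".split()
)

# scrypt cost parameters (assumed values for this sketch; tune to the server).
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)


def register_plaintext(db, email, password):
    """The scenario in the article: the password is stored exactly as typed."""
    db[email] = password  # anyone who copies the table can read it


def register(db, email, password):
    """Hardened form: refuse common passwords, keep only salt and hash."""
    if password.lower() in COMMON_PASSWORDS:
        raise ValueError("password is on the common-password list")
    salt = os.urandom(16)  # unique per user, so equal passwords hash differently
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    db[email] = (salt, digest)


def verify(db, email, password):
    """Check a login attempt against the stored salt and hash."""
    record = db.get(email)
    if record is None:
        return False
    salt, digest = record
    candidate = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


if __name__ == "__main__":
    users = {}  # constructed sample data, not real accounts
    register(users, "reader@example.com", "gotcha")
    print(verify(users, "reader@example.com", "gotcha"))   # correct password
    print(verify(users, "reader@example.com", "letmein"))  # wrong password
```

A slow salted hash only raises the cost of guessing after a table is copied; a short password such as gotcha can still be guessed, so the advice about not reusing passwords applies either way.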

Fast forward a few months, or years, and some creep in Los Angeles downloads this new hacking program that’s supposed to be able to break into SQLServer databases. He doesn’t have a clue how it was built, and can just barely figure out how to use the hacking program, but he goes surfing the internet, looking for SQLServer databases that don’t have a specific, recent security patch installed.

Sure enough, he bumps into ThaiDailyPlanet.com, and discovers that their SQLServer database doesn’t have this security patch yet. He turns the hacking program on ThaiDailyPlanet’s servers, and in the course of an hour or two, downloads five thousand email addresses and passwords, including woody-leonhard@gmail.com and gotcha.

This particular creep has the self-esteem of a gutted catfish, so he goes bragging to other people on creepy forums that he’s broken into this big, bad database, and made off with 5,000 email addresses and passwords. To strut his stuff, he posts the addresses and passwords on an open data web site, inviting his creepy friends to go look.

Within hours, hundreds of people have downloaded the stolen email addresses and passwords. Some of them have IQs above dishwater level, so they go poking and prodding. Sure enough, dozens of them find out that they can log on to Gmail with woodyleonhard@gmail.com and gotcha.

That’s only part of the story. If I used the same username and password on my PayPal account, it’ll be gone in a New York minute. With a hundred monkeys pounding on keyboards, my Bank of America, Scottrade and Kasikorn Bank accounts could get drained the same way – if I used the same user name and password that’s on my Gmail account. And of course I’d be ordering champagne and caviar on eBay, for delivery to Los Angeles. It could all happen in a few minutes, and I’d never be any the wiser.

More than that, some banking sites let you request a “forgotten” password by providing the correct email address. One of those monkeys no doubt would try the “Forgot my password” on a hundred well-known financial sites, and possibly come up with something. With access to my mail account, they’d have all the details they need.

Bottom line: don’t re-use your email account’s password! And be very careful about recycling passwords in general.

Back to the original question: there’s basically nothing you can do about a hacked email account. If you can still get in, you should change your password immediately, of course, but the cow’s already out of the barn. It happens so often that the major mail providers (Hotmail, Gmail and Yahoo Mail) have web sites set up with advice about how to cope with the problem, but the bottom line is that there’s basically nothing you can do.

Live Wire is Phuket Gazette columnist Woody Leonhard’s weekly snapshot of all things internet in Phuket.

Follow him on Twitter: @PhuketLiveWire; “like” pages at facebook.com/SandwichShoppe; and facebook.com/phuketgazette.net.

— Woody Leonhard

 

Archiving articles from the Phuket Gazette circa 1998 - 2017. View the Phuket Gazette online archive and Digital Gazette PDF Prints.
