How Much Of Your Personal Data Is Being Sold To Hackers?

Apple iPhone Hack

More and more of our personal data is being made available online, from our banking information, to our email to our credit files.

Buying and selling this data has become big business, and hackers are no longer looking to steal your data to simply try and buy a television on your credit card, they are looking to build a bigger picture of their targets with the aim to make more significant cash in the form of access to your bank funds or even taking out loans in your name.

New research from Experian the information services company, shows an increase of 300% over the last 2 years in illegally traded information. So far in 2014 more than 110 million pieces of data have been bought and sold by criminals – 96.5% of which consists of login credentials to web services.

The methods they are using are increasingly sophisticated, and as the recent iCloud hacks of celebrity photos showed, even the smallest piece of information can pave the way to greater access.

Traditional hacking involved brute forcing (repeated trial and error of usernames and passwords) on accounts, but as security has improved, so have the hackers methods. Why try and retrieve passwords when you can have people give them to you voluntarily. That’s the aim of phishing emails which pretend to be from your bank or email provider, and ask you to ‘confirm’ your details on their website. Of course, the provided link isn’t genuine, but takes you to a page that looks like the correct one, but in fact you’re logging into the hackers page and you’ve just given them the username and password they were looking for.

And although the message is getting through, and awareness is increasing, the findings from Experian showed that 1 in 20 people use the same log in details for all of their online accounts and 1 in 10 have never change their passwords.

Take a minute to review your common logon details. Are you using the same ones for different services? Ideally you should be using a different password for every website, and it should be 8 characters or longer making use of letters (upper and lower case), numbers and symbols to be really secure. Even better, try out a secure password service like LastPass or 1Password both of which allow you to store and use extremely complex passwords easily.

Never respond to unsolicited emails or telephone calls, if you’re contacted for security purposes for any of the details needed to login to an online account it’s probably fraudulent. Your bank doesn’t need your credentials to verify the incoming payment of ten thousand pounds to your account. You’re not the last living relative of a wealthy cousin in Nigeria. If it sounds too good to be true it probably is.

And don’t think the only threat is at home, you’re just as vulnerable when you’re mobile. And talking of mobile, make sure your smartphone is secured with a PIN or password too. Phones often have your email account configured on them – and access to your email account gives a hacker the ability to change or reset many online accounts.

This post was written by Rob Gordon, an IT geek, gadget lover and blogger. Rob has been using the internets since 1994 when the only streaming video was that coffee pot in Cambridge (rip).... Follow Rob on Twitter - @robgordon - about.me/robgordonuk