- Created on 04 May 2011
Following the recent security breach of Sony’s PlayStation Network and yesterday’s revelation that the details of Sony Online Entertainment users have also been targeted by hackers, online security specialist, BullGuard, provides advice to subscribers on how to limit the damage and protect themselves from identity theft.
So far, the security breaches have meant that the account information of 77 million Sony PlayStation Network subscribers has been compromised and that hackers may have stolen personal data from approximately 24.6 million SOE accounts. The information that hackers may have access to includes; name, address, email address, birth date, gender, phone number, login name, hashed password, purchase history and could expose debit card records, bank account details and possibly credit card information. While Sony assures users that the credit card information that may have been stolen is encrypted and that CVV numbers were not included in the stolen data, BullGuard insists that it is still better to be safe rather than sorry in this situation – especially at this early stage where the identity, methods and motives of the thieves are unknown.
“Sony subscribers need to be aware that the information stolen could be used in a multitude of ways by very clever, skilled fraudsters that are adept at collecting information for identity theft. This information could be used tomorrow or in a year’s time, so it is essential to be on guard and implement basic measures for complete peace of mind,” says BullGuard CTO, Claus Villumsen. “The only thing that we can be virtually certain of is that the information has now been parcelled up and sold on black exchanges – illegal market places where digital information is traded as any other commodity.”
The attacks on the Sony networks have unfortunately already put subscribers at risk of security attacks. It only takes a few details to enable online criminal activity, which consequently provide a base of information for fraudsters to build upon. Utilising the online tools that we use in our everyday lives, fraudsters can collate additional information to build a bigger picture. With enough information, fraudsters know how best to commit an attack and when. Attacks may be instant, but many will be when they are least expected, giving the fraudsters better odds of success.
More and more personal information is being stored online and can be easily accessed by professional fraudsters. Social media is a key route to personal information, and the popularity of tools such as Facebook pose high security risks for online users. With only a little information, such as the information that was hacked from the PlayStation network, fraudsters can bolt on readily available personal data and eventually gather enough information to be able to answer online security questions and predict passwords. Phishing attacks on social media websites are also a major threat. Professional hackers are able to use the tools provided by social media websites to access personal information and again, build a larger collection of information to be able to successfully commit identity theft. Apps, which have already caused negative security headlines for Google’s Android Market, are a classic example of how your information can end up in the wrong hands, especially as this information is usually given willingly.
BullGuard’s recommendations to Sony subscribers are as follows:
Change username and passwords for unrelated accounts that use the same username and/or password as the Sony account. As most people use the same few passwords/security questions for all their accounts, stolen passwords pose a major security risk.
Change security questions and password on Sony account.
Closely monitor account statements and credit report. If your details have been stolen it is most likely that the thieves will siphon out small amounts at a time, making them less likely to be spotted.
Get a fraud alert on your credit card, or cancel it and get a new one.
Avoid social media applications that ask to access your personal information to allow you to continue
As much as possible, limit the personal information that you make public on social media websites
Only download applications that are provided by a trusted source
Be suspicious of any emails that request your personal information no matter how legitimate they may seem
General advice – how to protect your personal details on public networks:
Do not store your credit card details online. Many services have so-called “e-wallet” services which allow you to store credit card details, in order to make future purchases fast and easy for you. This conflict between security and convenience is a huge dilemma for online services, and should be something end users consider carefully as well.
Do not use the same passwords and security questions for all your accounts. Most people alternate between 2 or 3 passwords for everything. Consequently, if one account is hacked, identity thieves have access to all your different profiles and accounts. At least make sure that the passwords and security questions you use for banking and money transfers are very different from the ones you use everywhere else.
If you mention your children’s, pet’s and spouse’s names on social media like Facebook and Twitter, do not use these for your passwords. That’s what everyone else is doing, and the bad guys are on that!
Only make purchases with devices that have security software (minimum antivirus and firewall) installed such as your PC. Ensure that you have security software and that it is up to date.
See more at: www.bullguard.com