Understand how hackers work

Forget about those hackers in movies trying to crack the code on someone’s computer to get their top secret files. The hackers responsible for data breaches usually start by targeting companies, rather than specific individuals. They want to get data from as many people as possible so they can use, resell or leverage it to make money.

It’s not personal, at first

Hackers don’t really care whose personal information and credentials they can get, as long as they can get a lot of it. That’s why cyber criminals often target massive companies with millions of users. These hackers look for a security weakness — the digital equivalent of leaving a door unlocked or window open. They only need to find one door or window to get inside. Then they steal or copy as much personal information as possible.

Once they get your data, cyber criminals can start their real work. We don’t always know what they intend to do with the data, but usually they will try to find a way to profit from it. The effects on you might not be immediate, but they can be very serious.

All types of data can be valuable

Some data — like banking information, bank card numbers, government-issued ID numbers and PIN numbers — is valuable because it can be used to steal the victim’s identity or withdraw money. Other data, like email addresses and passwords are valuable because hackers can try them on other accounts. All sorts of data can be valuable in some way because it can be sold on the dark web for a profit or kept for some future use.

What makes a password easy to guess

If hackers can get a list of email addresses from a data breach, they already have a good start. All they have to do is pick their website of choice and try these emails with the most popular passwords. Chances are, they’ll be able to get into quite a few accounts. So don’t use any of the 100 Worst Passwords of 2018.

  • 123456 and password are the most commonly used passwords. Don’t use them.
  • Switching a letter for a symbol (p@ssw0rd!) is an obvious trick hackers know well.
  • Avoid favorite sports teams or pop culture references. Use something more obscure.
  • Don’t use a single word like sunshine, monkey, or football. Using a phrase or sentence as your password is stronger.
  • Don’t use common number patterns like 111111, abc123, or 654321.
  • Adding a number or piece of punctuation at the end isn’t good enough to make your password stronger.

One exposed password can unlock many accounts

Hackers know people reuse the same passwords. If your banking password is the same as your email password is the same as your Amazon password, a single vulnerability in one site can put the others at risk.

It’s why you should use different passwords for every single account. The average person has about 100 accounts, and that’s a lot of passwords to remember. Security experts recommend using a password manager to safely store unique passwords for every site. Firefox Lockwise is a good step in the right direction.

Hackers don’t care how much money you have

Think you don’t need to worry because you don’t have much money to steal? Hackers couldn’t care less. There are countless ways to leverage all types of personal data for profit. Through identity theft, cyber criminals can open new credit cards or apply for loans in your name. By getting your financial information, they can make purchases or withdrawals. These attackers can even find ways to target your friends and family once they gain access to your email.

Stay in the know

Firefox Monitor can help you stay alert to data breaches. It’s easy to get started by checking to see if your email address has been in a known data breach. And when you Join Firefox, we’ll send you an alert we’ll If your information surfaces in a new data breach.

This post is also available in: Deutsch (German) Français (French)

Share on Twitter