Inyova’s short monthly newsletter about security recommendations, news, and interesting facts.
This is an internal newsletter sent to the Inyova team each month. We hope you enjoy it as much as we do!
Today’s topic: Buckle up for credential stuffing attacks.
What the hack is credential stuffing?
A credential stuffing attack is a type of brute force cyberattack done the smart way. Instead of trying to log in on a platform with random string combinations, the attacker uses a list of emails and passwords that were already breached and published. As people re-use their passwords, there’s a good chance to hack an account.
Normally passwords are saved hashed, a.k.a. as messy unreadable text. That normally slows down attackers. But in 2009, RockYou was hacked and 32 million user accounts were saved in plain text, including passwords. Hence, if you had Facebook or Myspace in 2009, you can probably find yourself in the hacked file.
Why should I care?
RockYou2009 is just one example and there have been billions of records breached since then, especially in recent years. The base for stuffing attacks is as good as it can get nowadays.
You can go ahead and check if your email has appeared in a known attack on this website.
What should I do?
Metaphorically said: The only way to protect your TV from being stolen is to lock the house door with a key that hasn’t been copied and hasn’t been spread around your neighbourhood.
You do not use one key to lock all your doors – don’t use one password for all platforms, use a different password for each.
Your apartment key is not a simple straight stick, but a complex metal shape – make your password complex, using 8+ characters, upper-/lower-case, special characters, and numbers.
If your apartment key is stolen, you change locks – if your email is breached, change your password.
Saved in the browser?
You could, BUT a disadvantage of saving passwords in the browser is that anyone who gets access to your physical computer has access to your browser passwords. Luckily lately, at least for macOS, if you want to see the password in settings, you are asked for a computer OS password. But there’s an easy way around that as well.
I would recommend using password management systems and plugins for work and home logins.
That’s it! Keep your mechanics safe and thanks for reading.
Advertising notice: The information and evaluations presented here are an advertising announcement which has not been prepared in accordance with legal provisions promoting the independence of financial analyses and is not subject to any prohibition of trading following the dissemination of financial analyses. The acquisition of this investment involves considerable risks and may lead to the complete loss of the invested assets. Inyova receives an all-inclusive fee of 0.9 - 1.2 & p.a. for its services, depending on the amount of assets under management. The exact calculation can be found at www.inyova.de/en/fees.
Risk notice: All information is only intended to support your independent investment decision and does not represent a recommendation by Inyova. The product information and calculation examples presented do not claim to be complete or correct. Only the specifications in the asset management contract incl. the further legal documents, which are made available to customers of Inyova via the complete customer documentation, are authoritative. Please read the asset management contract and the other client documents carefully before making an investment decision. The following applies to all shares and ETFs: Past performance is no guarantee of future performance. Information on past performance does not permit forecasts for the future. Investments in securities include the risk of a loss in value. Other securities services may achieve different results. The results for individually managed portfolios as well as the different time full stops may differ due to market conditions, different entry times, different portfolio sizes, individual restrictions and the respective composition of the portfolio.
Disclaimer: Past performance of financial markets and instruments is never an indicator of future performance. The statements or information contained in this document do not constitute a recommendation, offer, or solicitation to buy or sell any security or financial instrument. Inyova GmbH assumes no liability whatsoever with regard to the reliability and completeness of the information contained in this article. Liability claims regarding damage caused by the use of any information provided, including any kind of information which is incomplete or incorrect, will therefore be rejected. Furthermore, the statements contained in this document reflect an assessment at the time of publication and are subject to change. References and links to third party websites are outside the responsibility of Inyova GmbH. Any responsibility for such websites is declined.
EU Sustainable Finance Regulation: the terms and categories from this post do not correspond to the terms and categories of the EU Sustainable Finance Regulation. You can find the disclosures and explanations required under the EU Sustainable Finance Regulation at https://inyova.de/en/sustainable-finance-disclosure-regulation..