Even the boss can get hacked. And a new F-Secure study, CEO Email Exposure: Passwords and Pwnage, finds that 3 in 10 CEOs have had their passwords “pwned.”
What does “pwned” mean?
Pwn (verb): To own or dominate an opponent; to compromise, control or illegally gain access to a device, server or application
In this case, it also means that a service a CEO accesses using their company email has been hacked and the password they use for that service was leaked, potentially increasing their susceptibility to targeted attacks.
With databases of leaked passwords from breached services hanging around on the dark web, all a hacker needs to do is search for his target’s email address, take the corresponding password and try it on other services the victim likely uses. If his victim happens to re-use their password across services like many people do, a hacker could take control of the executive accounts to steal sensitive information or otherwise humiliate the individuals and their employers.
Basically, the same terrible things that can happen to all of us when we’ve been pwned could happen to these CEOs. But as the company’s leader, the impact might potentially be felt by thousands of employees and shareholders.
Bad cyber hygiene can even threaten a company’s internal network. The 2016 Verizon Data Breach Investigations Report found that 63% of confirmed data breaches involved weak, default, or stolen passwords.
Of course, CEOs are some of the highest value targets out there. But no matter what your job title is or isn’t, chances are you’ve been pwned too and thus your own personal data and “brand” are at risk. Services used by millions or billions of web users like you — including Yahoo!, LinkedIn and Tumblr — have all suffered some sort of major breach.
Worst of all, even if you have all your cyber security basics down, you still have no control over how well a service you use protects its data.
How can you check if you’ve been pwned? Use a public service like HaveIBeenPwned? to find out which of your credentials have been exposed.
But you should already know if you are in danger by asking yourself a few simple questions:
- Do you reuse passwords on your most important accounts?
- Do you have strong — at least 14-character — passwords for each account?
- Do you use two-factor authentication whenever available?
Once you can answer “NO!” to the first question and “YES!” to the next two, you can take the next step toward cyber security proficiency.
“Use a password manager, preferably one for which only you — not the company behind it — know your master password,” says Tom Van de Wiele, Principal Security Consultant at F-Secure.
Protecting your passwords at work is just as crucial, if not more crucial, because your livelihood is at stake. That’s why we’re releasing F-Secure Password Protection on November 1. A brand new component of F-Secure Protection Service for Business, the feature is the only available password manager that comes integrated with endpoint security clients.
Maybe you should let your CEO know about it before it’s too late. And while you’re at it, share our report with him.