A new F-Secure study reveals how people who used breached services — The Walking Breached — are significantly more likely to experience cyber crime. For users with kids, the likelihood is even higher. Sadly, the numbers of The Walking Breached grow every day.
The finding that people who use breached services, especially if they are parents, become far more likely to experience cyber crime should be a wake-up call. Securing not only their devices and accounts but also the devices and accounts of everyone in their family should be an immediate priority.
Data breaches fuel cyber crime
In a recent F-Secure survey, 18% of respondents – nearly one in five – knew that they’re using one or more online services that have been breached, placing them among the ranks of The Walking Breached. While that may just seem like a sliver of all internet users, cyber crime was clearly more common among these respondents. 60% of The Walking Breached, or 3 out of every 5, reported experiencing one or more types of cyber crime in the 12 months prior to filling out the survey, compared with just 22% of other respondents.
The dynamics of a phenomenon called “account takeover” can help explain why breached users experience more crime. As soon as the credentials are discovered, attackers can begin a process called “credential stuffing” to try them out on tens of thousands of accounts with very little effort. When they succeed in taking over the account, they can then begin the process of monetizing it using various forms of fraud that would be classified as identity theft.
People who reuse their credentials face greater risks of account takeover. Any leaked credential becomes something criminals can easily use to seek more and more gains. And by gaining access to less secure accounts, such as a photo editing site, criminals can try the same exact credentials to take control of much more valuable accounts, such as online payment or streaming apps. For instance, right now criminals are likely stuffing many of the 1.9 million Pixlr user credentials from the Pixlr photo editing site that were posted online last month into every available online service and finding that many of those credentials work perfectly.
Though good password advice has been widely available for most of this century — use strong, unique passwords for all accounts stored in a trusted password manager — too many people make life easy for cyber criminals. 39% reuse the exact same passwords on various online services. 57% reuse passwords with slight variations. Password habits were even more dismal for The Walking Breached. Half of that population, 50%, reuses the exact same passwords for different online services, apps, etc. And 69% – nearly 7 out of 10 – reuse passwords with slight variations
Parents suffer more breaches and cyber crime
Unfortunately, one way to increase the risks of using the internet, the report reveals, is to have child.
22% of survey respondents with kids were using one or more breached services, compared to 15% of people without kids. And they were more likely to experience some sort of cyber crime in the 12 months prior to filling out the survey—36% compared to 23% of respondents without kids. People with kids experienced nearly every type of cyber crime addressed in the survey more often than their childless counterparts. Cyber crime was also more common among The Walking Breached parents, with 70% experiencing one or more types of cyber crime, compared to 48% of The Walking Breached without kids.
Some possibilities that put parents more at risk include:
- They have less time to mind security hygiene, which includes tactics like using a strong, unique password for all accounts and storing them in a trusted password manager or locker.
- Parents just have more things to secure – not just your own devices and accounts but your kids as well. And getting kids to follow security advice is often not easy.
- With kids, you’re likely to have a larger digital footprint, and more chances that personal info gets leaked online.
One of the challenges of being a good parent can be teaching a child to share. However, online sharing may not be caring. This includes sharing passwords between accounts and between family members—or anyone.
How to avoid becoming one of The Walking Breached
The Walking Breached reveals how internet users are stuck between a proverbial “rock” and a “hard place.” They rely on online services for more of their lives and they must trust these services to preserve the security of their personal information. The reports lays out several recommendations that for protecting accounts before and after a breach, including:
- Make the effort to use strong, unique passwords.
- Do not volunteer private information.
- Whenever possible, go beyond passwords with 2-factor authentication.
- Monitor the integrity of personal information by using a trusted service to keep track of whether your data has been exposed online.
- Stay on top of your accounts by checking statements and activating any alerts financial institutions offer.
- Do not underestimate exposure to threats, as accounts are quickly opened and may be forgotten just as quickly.
Safer Internet Day is February 9th and, unfortunately, people have to be aware that no one will do more to protect their data than they will. Preparing for the worst—a breach of personally identifiable data—requires taking the best available steps to lock down personal information and the accounts that hold that information.Read The Walking Breached