Written by Aranza Trevino
Edited by Anne Cutler
Reviewed by Darren Guccione
A compromised account is an account that has been accessed without the owner’s permission. Compromised accounts can happen for a variety of reasons including public data breaches, using weak passwords, failure to enable Multi-Factor Authentication (MFA) on online accounts, falling for phishing scams or having malware unknowingly installed on your device.
Continue reading to learn more about compromised accounts and tips to prevent your accounts from being compromised.
Accounts get compromised due to public data breaches, using weak passwords, not enabling MFA on online accounts, falling for phishing scams or having malware installed on your device.
A public data breach happens when a company you have an account or service with has its customers’ Personally Identifiable Information (PII) exposed. Depending on what the company stores, information that is exposed in a data breach can vary. For example, data breaches can expose user login credentials, birthdates, full names, home addresses, Social Security numbers and so on. If login credentials are exposed in a data breach, this can lead to a compromised account.
Weak passwords are passwords that don’t follow password best practices. Password best practices require that passwords are at least 16 characters long and use a combination of lowercase and uppercase letters, numbers and symbols. Any password that doesn’t follow this criteria is considered weak. Passwords that are reused or slightly changed, contain personal information, or use common dictionary words and phrases are also considered weak.
Weak passwords can lead to accounts getting compromised because they’re easy for cyber criminals to crack or guess. For example, a password that is six characters long and includes at least one uppercase letter, number and symbol can be cracked instantly with the tools used by cyber criminals, whereas a password that is 16 characters long and includes at least one uppercase letter, number and symbol would take those tools a trillion years to crack.
MFA is a security measure that adds extra layers of protection to your online accounts when it’s enabled. With MFA enabled, in addition to your username and password, you would also have to provide one or more methods of authentication to prove that you own the account you’re logging in to. Even if a cyber criminal knew or was able to guess your account’s password, MFA would require them to provide additional authentication, which they wouldn’t be able to provide.
When MFA is not enabled on accounts, compromising those accounts becomes a lot easier to do because there’s no additional security protecting the account.
Phishing is a cyber attack in which cyber criminals use social engineering techniques to convince victims that they’re someone they know to get them to reveal sensitive information. cyber criminals often pose as companies, friends, family members and even coworkers. In a phishing scam, the goal is to get the victim to reveal sensitive information like login credentials, credit card numbers and more.
This might be done by getting the victim to reply back with the information or getting them to click on a malicious link that leads them to a website that looks legitimate but is actually a spoofed site. If the victim inputs any sensitive information onto the website, they’re essentially handing it over to the cyber criminal without knowing. If they input their login credentials, cyber criminals can use them to log in to their actual online account, leading to account compromise.
Malware is malicious software that can do different things depending on the type that gets installed on your device. For example, keyloggers can track your keystrokes to determine what you’re typing as you’re typing it. Spyware can spy on your device’s screen and even gain access to your device’s microphone and camera.
Malware is typically installed on your device in one of three ways: spoofed websites, phishing emails and messages, and downloading free content on the internet. If malware is unknowingly installed on your device it can lead to multiple accounts being compromised and can also lead to other sensitive information being compromised such as credit card numbers.
Here are five tips to prevent your online accounts from being compromised.
Each of your online accounts should have a unique, strong password that cannot be easily guessed or cracked by cyber criminals. Rather than relying on yourself to create strong passwords, use a password generator to help you randomly create them. If you’re worried that you won’t be able to remember these strong passwords, consider using a password manager. A password manager is a tool that aids users in creating, managing and securely storing their passwords. Instead of having to remember multiple passwords, the only password you’ll need to remember is your master password.
In addition to strong passwords, it’s also important that you enable MFA whenever possible on your online accounts. Even if your credentials were exposed in a public data breach, MFA would prevent anyone from being able to access your account with only your username and password. Some common methods of MFA you can use include Time-Based One-Time Passwords (TOTP) through a password manager or authenticator application, as well as hardware security keys and biometric authentication.
Insecure password sharing includes sharing passwords through email, text messages and any other form of sharing that can be easily intercepted by unauthorized individuals. Avoid sharing passwords through insecure sharing methods to prevent bad actors from being able to compromise your online accounts.
The most secure way to share passwords and other sensitive information is by using a password manager. Password managers like Keeper Security offer a One-Time Share option in which you can share passwords for a certain amount of time with anyone, even if they don’t have a password manager account. When you use a password manager like Keeper to share passwords, cyber criminals won’t be able to intercept them since Keeper uses zero-knowledge encryption to transform the password into ciphertext (an unreadable format) while it’s in transit; in other words, when it’s in the process of being shared.
Phishing is one of the most prevalent cyber threats and is constantly targeting individuals. To prevent your accounts from being compromised due to phishing scams, you need to learn how to spot them. Here are some red flags that point to an email, text message or phone call being a phishing scam.
Clicking on unsolicited links or attachments can lead to your device becoming infected with malware or it can take you to a spoofed website that looks legitimate but is designed to steal your information. To avoid your accounts becoming compromised, never click on unsolicited links or attachments.
If you receive an email or text message claiming to be a company and they send you a link, instead of clicking on it, navigate to their official website yourself. This can prevent you from clicking on a link that is actually malicious.
Here are the signs that point to one or more than one of your online accounts being compromised.
Having one of your online accounts compromised can lead to your sensitive information also being compromised. You must take the necessary steps to prevent account compromise by using strong, unique passwords for each of your accounts and enabling MFA whenever the option is available.
Investing in a password manager like Keeper Password Manager can help prevent account compromise by aiding you in creating strong passwords and storing your 2FA codes for you. Start a free 30-day trial of Keeper to start securing your online accounts and prevent account compromise.
You May Also Like
An identity-based attack is a type of cyber attack that targets and compromises the digital identity of individuals and organizations. In this type of attack, a cybercriminal tries to steal, alter and misuse an individual’s identity-related...
Choose Language