Part 1 How Do Passwords Get Hacked?

A Hack Here. A Hack There. A Hack Everywhere.

Monster, 2007 – 1.6 Million Accounts Compromised

Personal information was hacked and used to exploit account holders and extort them for money. Phishing emails that appeared to come directly from Monster contained specific account details and encouraged users to download a malicious program. For those that downloaded the program, their files were encrypted and held for ransom and the users were forced to pay the hackers for a decryption code.

LinkedIn, eHarmony & Last.FM, 2012 – 8 Million Passwords Stolen

Of this 8 million, a majority of them were cracked in less than 24 hours. Many of the passwords contained key phrases such as Harmony or eHarmony and even more of them were considered the most crackable and most popular passwords on the market.

AshleyMadison 2015 – 37 Million Accounts Placed Out in the Open

A group of security researchers by the name of CynoSure Prime splintered nearly 11 million of these passwords and are currently in the middle of 15 million more. They are not releasing the passwords to the public, but their research suggests a significant percentage of these passwords were less than eight characters long, with no special characters and no capitalization.


How Do Passwords Get Hacked?

Hacking occurs everywhere, to anyone, and sometimes for no better reason than to have a little fun. The first line of defense against any good hack is a good password. A nicely formatted password can withstand even the most brutal of attacks.

But before you build up your password, you must know how it can be broken down. Here are seven common ways a hacker plans to crack your code:

1. They Guess It

Anyone who knows you personally, checks out your social media page, or overhears your conversations, can crack a simple password. Do you use the name of your child, your favorite football team or the make and model of your vehicle? What about your wedding anniversary, place of birth or favorite movie? If so, you’ve done been cracked.

2. They See It

Have you ever logged into an account in public or written a password down on a piece of paper? Did the person standing behind you in line see you? Did you even know someone was standing behind you?

3. They Log It

Has your PC, phone or tablet been infected by malware lately? If it has, you might be infected with a bad case of the Keyloggers. This tricky version of malware can see and track everything you type. If you don’t use a password manager, it can log all your keystrokes, including when you signed into your bank account, your email, and your Facebook page.

4. They Automate It

There are many types of software available – most of which are free – that hackers use to crack your passcodes. These include Brutus, RainbowCrack, and John the Ripper. These automate the code-cracking process and the only defense is a long, complex password and time. This malicious software creates algorithms to quickly run through every dictionary word and a list of the most popular passwords. It will then attempt other less common word combinations and begin attaching capitalizations, numbers, and symbols. If your password is complex enough, it may take weeks or months this tool to guess your code.

5. They Expose It

Hackers can use a variety of means – phone, email, letters – to wrongfully expose your password. This type of password cracking would fall in line with the Monster example noted previously. The hackers stole personal information from Monster’s account holders and used this information to moonlight as the company. While their intent was not to gain passwords, they easily could have done so.

6. They Phish It

The intent here is to trick you into inputting your login information. A corrupt link will lead you to an illegitimate website that looks almost identical to the real thing – your email, a shopping website or your bank account. Once you type in your credentials, the site will record your information and use it to gain access to your true account.

7. They Steal It

Ashley Madison’s account passwords were stolen. Someone hacked into their database and kidnapped all the information it contained. These passwords were ‘hashed’, which transforms your data into another format much like encryption does. But with hashing, the data is stored differently and is not ‘reversible’, meaning it should be more secure for data like passwords; however, this did not stop a handful of security experts and groups from trying. It only took a few hours for most of these groups to crack millions of Ashley Madison passwords. And, once again, the only defense you have is a long, complex password and time.

Leave a Comment

Your email address will not be published. Required fields are marked *