Security news
Security news11 September 2006
Hackers may get second chance to benefit from Second Life security breach Using the same password on multiple websites increases risk of falling victim to hackers
Many users make the mistake of using the same password on multiple websites.
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned computer users that using the same password on multiple websites greatly increases the risk of falling victim to hackers, following news that players of a global online game have been asked to change their passwords due to a security breach.
Players of the "Second Life" online fantasy game were asked to change their passwords after a hacker broke into a database holding information about the game's 650,000 users. This information included addresses, passwords and encrypted credit card details. According to Sophos, while changing passwords will prevent criminals from gaining access to users' Second Life accounts, they could still be at risk if they use the same password for other websites.
"Gamers may think that once they modify their Second Life password, they've eliminated the danger, however the reality is that the old password may now be used by hackers to target other accounts," said Graham Cluley, senior technology consultant at Sophos. "It's bad enough that criminals were able to gain access to such personal details in the first place, but even if this avenue has now been closed off, hackers could well find themselves with an opportunity to access the email, eBay or even banking accounts of unsuspecting Second Life users."
A recent Sophos web poll uncovered that 41 percent of business PC users admitted to using the same password all the time, while just 14 percent use a different password for every website they access.
"Not every website will treat your password with the same degree of confidentially, so it's vital that users ensure they use different passwords for sites which carry sensitive data about them," continued Cluley. "On top of that, if the passwords deployed are all short dictionary words, it won't be hard for a hacking program to figure them out, so it's equally important to make each password hard to guess."
Sophos continues to recommend companies protect their desktops and servers with automatically updated anti-virus protection, and educate their employees on safe computing, including the intelligent use of passwords.
Download now
- USA number 1 for malware and spam
- Huge surge in email attachment attacks
- Scareware makes users buy bogus products
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
