Do you use the same password for multiple accounts? Maybe the password for your email account is the same as the password for your banking account? This practice is widely discouraged by all security reasons for one very good reason - it only takes one weak site to leak this password, and then all of your accounts are simultaneously at risk. The more accounts you have with the same password, the bigger the risk.
In the modern age, we all have innumerable accounts to keep track of. Almost every site in the world wants you to make an account with them, so that they can use your information and give you a more personalized experience. Every week you might find yourself creating a new account somewhere, whether it's a new social network, gaming site, music streaming service, forum, or any number of other things. With all of these accounts and passwords to remember, is it any wonder that sometimes we want to make things a little easier for ourselves?
This week, a number of large sites all had to announce that they have leaked the passwords of their users. If you had an account at any of these sites, you must go and change them as soon as possible. But remember, if you used the same password anywhere else, all of those passwords must be changed too.
First of all, you've probably heard about the eBay leak already. We covered news of this ourselves previously at this link, but what you may not be aware of is that the stolen database has been leaked to the public already. That means an encrypted version of your password has already been copied many many times, and is in the hands of untold numbers of hackers. This leak affects an estimated 145+ million users concentrated in America and Europe. To change your password, please visit this link.
Next up, if your a user of the Android Spotify app, it's time to change your password. On the 27th May 2014, Spotify announced to the world that they had detected an unauthorised intruder inside their servers. While it seems that this intrusion was not malicious in nature, it is unclear how much information, if any, was taken. This particular breach is estimated to affect around 40 million users, and we here at the CM Security Research Lab advise all of them to update their passwords at the earliest possible juncture.
Completing today's triumvirate of turmoil is Avast!, Czech Republic's #1 security company. The company reports that information for roughly 400,000 of its forum accounts were taken, which includes usernames, hashed passwords, and email addresses were taken. Hashing is a strong form of encryption, but it's possible for this encryption to be broken and for actual passwords to become known.
If you want to be kept abreast of this news, we recommend installing our own CM Security, available for free at Google Play. We are able to send push notifications to our users as soon as we learn of these leaks, ensuring that you are able to take action as soon as possible and mitigate damage.