Three quarters of South Korea popped in online gaming raids Three quarters of South Korea's population have been compromised in a massive data breach affecting 27 million people. The nearly incomprehensible breach was revealed when 16 individual were arrested after selling the records relating to victims aged between 15 and 65 years-old. The records included names account logins …
Part of the package seems to have been ID card numbers which allow the identification of individuals.
Just shows how important it is to differentiate between requiring account credentials that identify someone authorised to access an account (MickeyMouse23, born 01/01/1900), and credentials that include data to identify the account holder as a unique individual (NI number, Passport number etc). The former means that a hack of one database does not automatically lead to the ability to hack other sites/systems with the same data, which is so much safer.
Always use different account details for every website! For instance, I really can't understand why anyone would want to log in to any website (other than Facebook) with their Facebook account - just asking for trouble when their FB a/c is hacked.
Seems quite understandable to me. Each web site requires identifier and password. Security bods all over are always harping on about having a different password for everything.
But people are bad at making up passwords, and worse at remembering them.
So Facebook (Google is too) are offering this as a service - log on with them and you don't need to remember any other password.
Except that then it opens you to the single point of failure problem, so it is not actually a solution.
Always use different account details for every website!
Why?
The accounts are thrash anyway, they are entertainment, but, they are not "me" - sure - someone can easily hack all my web accounts and write racist and homophobic rants under my pseudonym. Bleh.
The thing you must always do is:
1) LIE - do not use any real data, data of birth, answer to verification questions or whatever they want. Because any information that refers to me as an individual is a foothold for a hacker to get at things that matter.
2) Minimise the use of services where you can't lie.
PS:
Why do so many dum-dum web-businesses insist on having an account created and storing user information and even credit card numbers? It just creates trouble because now the business have to secure that information, comply with data retention laws and it becomes a big, fat, target for hackers. Better to not store the information at all.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
