An expert has warned that a hacker learning just one of your passwords could be enough to cause serious damage – especially if it’s your email password.
Jake Moore, security specialist at ESET, says that it is “very easy” for cybercriminals to obtain a password, and that they are “regularly” compromised in data breaches.
Cybercriminals make a living by hacking into large company databases containing stored passwords, or by taking advantage of gaps in internal security controls among employees.
Another method of stealing passwords is phishing emails, which contain links to fake websites designed to trick you into entering your password.
But in many cases, the password can be easily guessed because it is made up of common words or phrases, with “qwerty” and “123456” being classic examples.
One of the biggest risks, Moore said, is that people have a bad habit of using the same password for several different accounts.
Tips for protecting your passwords
– Do not click on suspicious emails
– Set up two-factor authentication (2FA) on your accounts
– Do not use the same password (or even similar passwords) for multiple accounts
– Do not share your password with anyone
So if a hacker knows your email address and password for one account, they will try that combination on other platforms as well.
Moore set out the damage that could be done if a hacker obtained a password in three different scenarios.
The expert says the most damage is probably done when a criminal gets hold of your email password – largely because email access can be a gateway to many other platforms.
“Email is the most worrying account to lose control of because if it gets hacked, hackers can simply get access to all the other accounts online,” Moore told MailOnline.
This is done by entering the corresponding email address as a username on other platforms and clicking “forgot password”.
This then sends the hackers a direct link to change the password to whatever they want.
Email accounts like Gmail also have a great deal of personal information stored that can be used to imitate you – such as your date of birth, phone number, and even home address.
Moreover, the passwords for different websites are stored in your Google account, which can be accessed by logging into Gmail.
“If a hacker has access to your Gmail, it’s possible that they could also access your connected Google accounts,” Moore said.
Your Twitter account includes your phone number, email address, and more, including, possibly, your date of birth and also your payment details if you’re a Twitter Blue subscriber.
But a hacker could also repurpose your account to impersonate someone else – at the risk of the account being banned by Twitter staff and lost forever.
A lot depends on whether you have a security standard known as two-factor authentication (2FA) set up on your account.
In its SMS form, 2FA sends a text message containing a code to the user’s smartphone, which they have to enter to access their account, as an extra layer of security.
Elon Musk recently removed SMS two-factor authentication (2FA) from the free version of Twitter and made it exclusive to Twitter Blue — a decision Moore called “ridiculous” that would lead to “many accounts being hacked.”
However, you can use an authenticator app — such as Google Authenticator — to continue using 2FA on your Twitter account.
Meanwhile, if a hacker gets hold of your Facebook password, their next step will likely be to share spam and phishing links with some of your friends, so that their accounts are hacked in turn.
While criminals use fake accounts to conduct phishing scams, they increasingly prefer hacking legitimate accounts.
Online supermarket apps such as Tesco or Lidl store personal information that is protected only by a password, Moore said.
The hacker could potentially change your address registered to your shopping account and use your payment details to deliver groceries to their home.
“Supermarket accounts store a lot of data on you from phone number to home address,” said Moore.
This information is highly sought after and is often only protected with a simple password.
However, the biggest cause for concern is probably the use of these apps to find out your personal details, which can be sold on the dark web.
The dark web can only be accessed through special web browsers and is used to keep internet activity anonymous – so for criminals it is an ideal place for their illegal activity.
Moore said that “information is the new gold” as it can be bought and sold.
Hackers can use your stolen information to open credit card accounts, apply for government benefits, take out loans in your name and much more.
In general, Moore recommends using password managers — apps on your phone, tablet, or computer that store your passwords so you don’t need to remember them.
“Password managers are almost impossible to hack,” he told MailOnline. You will need an authorized device to see passwords.
It’s also important to limit the information you’ve stored online and only provide data that’s necessary for the app or service, he says.
More tips for securing your password
1. Be aware of all accounts in your possession
Experts recommend deleting unused accounts and knowing the exact number of active accounts. In this way, you can prevent loopholes in your password management.
2. Make up long and unique passwords, and never reuse them
Complex combinations of numbers, uppercase and lowercase letters, and symbols make passwords stronger. Reuse is never an option – if one account is hacked, the other accounts are at risk.
3. Use a password manager
This technological solution completely encrypts the passwords stored in the vault and allows secure sharing.
Many cybersecurity incidents are caused by simple human errors – people leave their passwords accessible to others and store them in Excel or other applications unencrypted.
4. Don’t overshare on social media
Online accounts are often protected by security questions that ask for random personal details such as “pet’s first name”.
These random facts have acquired new value for criminals in the age of online scams and phishing attempts.
If a scammer can gather enough information from your social media page, for example, they might be able to guess the answer to such a question or even your password.
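The checks behind tip 2, together with the common passwords “qwerty” and “123456” named earlier, can be run over your own list of accounts. The Python below is an added example, not part of the original article or anything supplied by Moore; the deny-list, the function names `base_form` and `audit`, and the sample vault are all constructed for illustration.

```python
import re
from itertools import combinations

# Small constructed deny-list; "qwerty" and "123456" are the article's examples.
COMMON = {"qwerty", "123456", "password", "letmein"}

def base_form(pw):
    """Lowercase and strip leading/trailing digits and symbols,
    so 'Rover2019!' and 'rover2023' both reduce to 'rover'."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", pw.lower())

def audit(vault):
    """vault maps account name -> password. Only account names are
    returned, so the report itself never contains a password."""
    accounts = sorted(vault)
    # 1. Passwords that are, or are built around, a well-known weak one.
    common = [a for a in accounts
              if vault[a].lower() in COMMON or base_form(vault[a]) in COMMON]
    # 2. Exact reuse: one breach exposes every account in the group.
    groups = {}
    for a in accounts:
        groups.setdefault(vault[a], []).append(a)
    reused = [g for g in groups.values() if len(g) > 1]
    # 3. "Similar" passwords: different strings that share the same core word.
    similar = [(a, b) for a, b in combinations(accounts, 2)
               if vault[a] != vault[b]
               and len(base_form(vault[a])) >= 4
               and base_form(vault[a]) == base_form(vault[b])]
    return {"common": common, "reused": reused, "similar": similar}

# Constructed sample data, not real credentials.
SAMPLE_VAULT = {
    "email": "Rover2019!",
    "twitter": "rover2023",
    "facebook": "Rover2019!",
    "tesco": "qwerty",
    "bank": "vX9#tq-Lm2&wPz7r",
}

if __name__ == "__main__":
    for kind, hits in audit(SAMPLE_VAULT).items():
        print(f"{kind}: {hits}")
```

In the sample, the email and Facebook accounts share one password and Twitter differs only by its trailing year, so a leak from any of the three puts the email account, and every account that resets through it, within reach.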