An expert warned that learning a hacker just one of your passwords could be enough to cause serious damage – especially if it’s your email password.
Jake Moore, security specialist at ESET, says that it is “very easy” for cybercriminals to obtain a password, and that they are “regularly” compromised in data breaches.
Cybercriminals make a living by hacking into a large company database containing stored passwords, or taking advantage of internal security control among employees.
Another method of taking passwords is phishing emails, which contain links to fake websites designed to trick you into entering your password.
But in many cases, the password can be easily guessed because it is made up of common words or phrases, with “qwerty” and “123456” being classic examples.
A hacker with access to just one password can cause serious damage and financial loss – so proper security practices are essential (file image)
It’s ‘very easy’ for cybercriminals to get hold of a password, says Jake Moore, security specialist at ESET (pictured).
One of the biggest risks, Moore said, is that people have a bad habit of using the same password for several different accounts.
So if a hacker knows your email address and password for one account, they will try that on different platforms as well.
Moore revealed the damage that could be done if a hacker obtained a password, in the case of three different scenarios.
The expert says it’s probably the most damage that can be done if a criminal gets hold of your email password – largely because email access can be a gateway to many other platforms.
“Email is the most worrying account to lose control of because if it gets hacked, hackers can simply get access to all the other accounts online,” Moore told MailOnline.
This is completed by searching the corresponding email address as a username on other platforms and clicking “forgot password”.
This then sends a direct link to the hackers to change the password to whatever they want.
Email accounts such as Gmail also have a large amount of personal information stored that can be used to imitate you (file picture)
Email accounts like Gmail also have a great deal of personal information stored that can be used to imitate you – such as your date of birth, phone number, and even home address.
Moreover, the passwords for different websites are stored in your Google account, which can be accessed by logging into Gmail.
“If a hacker has access to your Gmail, it’s possible that they could also access your connected Google accounts,” Moore said.
social media
Your Twitter account includes your phone number, email address, and more, including, possibly, your date of birth and also your payment details if you’re a Twitter Blue subscriber.
But a hacker could also renew your account for impersonating someone else—at the risk of being banned by Twitter staff and lost forever.
A lot depends on whether you have a security standard known as two-factor authentication (2FA) set up on your account.
2FA sends an SMS containing a code to users’ smartphones, which they have to enter to access their account, as an extra layer of security.
Elon Musk recently removed SMS two-factor authentication (2FA) from the free version of Twitter and made it exclusive to Twitter Blue — a decision Moore called “ridiculous” that would lead to “many accounts being hacked.”
Elon Musk recently removed SMS two-factor authentication (2FA) from the free version of Twitter and made it exclusive to Twitter Blue (pictured)
However, you can use an authenticator app — such as Google Authenticator — to continue using 2FA on your Twitter account.
Meanwhile, if a hacker gets hold of your Facebook password, their next step will likely be to share spam and phishing links with some of your friends, hacking your account again.
While criminals use fake accounts to conduct phishing scams, they increasingly prefer hacking legitimate accounts.
online shopping
Online supermarket apps such as Tesco or Lidl store only password-protected personal information, Moore said.
The hacker could potentially change your address registered to your shopping account and use your payment details to deliver groceries to their home.
“Supermarket accounts store a lot of data on you from phone number to home address,” said Moore.
This information is highly searched for and is often only protected with a simple password.
However, the biggest cause for concern is probably the use of these apps to find out your personal details, which can be sold on the dark web.
The dark web can only be accessed through private web browsers and is used to keep internet activity anonymous – so for criminals it is an ideal place for their illegal activity.
Online supermarket apps such as Tesco or Lidl store only password-protected personal information, Moore said
Moore said that “information is the new gold” as it can be bought and sold.
Hackers can use your stolen information to open credit card accounts, apply for government benefits, take out loans in your name and much more.
In general, Moore recommends using password managers — apps on your phone, tablet, or computer that store your passwords so you don’t need to remember them.
“Password managers are almost impossible to hack,” he told MailOnline. You will need an authorized device to see passwords.
It’s also important to limit the information you’ve stored online and only provide data that’s necessary for the app or service, he says.
