Linked: How Nest, designed to keep intruders out of people’s homes, effectively allowed hackers to get in


In this case, it wasn’t even that Nest had an insecure device, though that is often open to debate with Internet of Things devices. No, this was all about reusing passwords.

“The method used to spy on the Thomases is one of the oldest tricks on the Internet. Hackers essentially look for email addresses and passwords that have been dumped online after being stolen from one website or service and then check to see whether the same credentials work on another site. Like the vast majority of users, the family used similar passwords on more than one account. While their Nest account had not been hacked, their password had essentially become public knowledge, thanks to countless other breaches.

In recent years, this practice, which the industry calls “credential stuffing”, has gotten incredibly easy. One factor is the sheer number of stolen passwords being dumped online publicly. It’s difficult to find someone who hasn’t been victimized.

A new breed of credential-stuffing software programs allows people with little to no computer skills to check the log-in credentials of millions of users against hundreds of websites and online services such as Netflix and Spotify in a matter of minutes.”

So how do you avoid this? First, just go ahead and assume that some website that you use has been breached and your username and password for that site are out there somewhere.

Once you assume that, of course, it now seems silly to use the same one on multiple sites, no? So don’t do that.

But, how will you remember all those different passwords?

That’s what password managers are for. Use one. Have it remember the passwords for you. When you hear of a site being breached, change that password, and relax in the comfort of knowing that that password won’t work anywhere else.
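To see how far a single breach would reach across your own accounts, here is an added example (not from the linked article) that audits a password-manager CSV export and reports which other sites share the breached site's password, either exactly or as a near-identical variant. The column names and all sample rows are constructed assumptions; it goes slightly beyond exact reuse because stripping digits and symbols catches the "same word, different year" habit.

```python
import csv
import io
import re

# Constructed sample data. The column names (site, username, password) are an
# assumption; adjust them to match your password manager's CSV export.
SAMPLE_EXPORT = """site,username,password
forum.example,pat@mail.example,Sunshine2018
camera.example,pat@mail.example,Sunshine2018
shop.example,pat@mail.example,sunshine2019!
bank.example,pat@mail.example,kV7#qzL0pW!x93Tr
"""

def load_accounts(csv_text):
    """Parse the export into a list of {site, username, password} dicts."""
    return list(csv.DictReader(io.StringIO(csv_text)))

def base_form(password):
    """Lower-case and strip leading/trailing digits and symbols, so that
    'Sunshine2018' and 'sunshine2019!' compare as the same base word."""
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    # A password with no letters would strip to "", which would make every
    # such password look alike; fall back to the full value in that case.
    return stripped or password

def exposed_by_breach(accounts, breached_site):
    """Return the other sites put at risk if breached_site leaks its passwords."""
    leaked = {a["password"] for a in accounts if a["site"] == breached_site}
    leaked_bases = {base_form(p) for p in leaked}
    exact, similar = set(), set()
    for a in accounts:
        if a["site"] == breached_site:
            continue
        if a["password"] in leaked:
            exact.add(a["site"])        # same password: works as-is elsewhere
        elif base_form(a["password"]) in leaked_bases:
            similar.add(a["site"])      # trivial variant of the leaked password
    return {"exact": sorted(exact), "similar": sorted(similar)}

if __name__ == "__main__":
    accounts = load_accounts(SAMPLE_EXPORT)
    # Only site names are printed; passwords never leave memory.
    for site in sorted({a["site"] for a in accounts}):
        risk = exposed_by_breach(accounts, site)
        print(f"{site}: exact reuse {risk['exact']}, similar {risk['similar']}")
```

An account whose two lists are both empty is one where a breach stays contained to that site. Delete the CSV export once the audit is done, since it holds every password in plain text.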
