So how does this type of thing happen?
No one can be certain which tactics were used to carry out such an attack, but there are many ways that these types of attacks could be launched:
- Social engineering – targeting an individual within an organization and getting them to unwittingly share confidential information
- Malware – code specifically targeted at stealing a particular file
- Hacking – someone specifically breaking into a confidential database to get information
- SQL injection attack – a code injection technique that exploits a security vulnerability in a website's software
- Insider threat – someone inside the organization purposefully sending the file outside the organization

- Create a strong password: The key aspects of a strong password are length (the longer the better); a mix of upper- and lower-case letters, numbers, and symbols; and no ties to your personal information or to dictionary words.
- Have different passwords for different sites: Attackers often exploit one service to gain access to another. If you have different passwords for different sites, an attacker who gets into one site with your password still won’t have access to the many other sites you use, such as your bank account or other personal accounts.
- Change your passwords every 90 days: This is good online hygiene. If there has been a breach you are not aware of, a changed password makes it more difficult for any attacker to gain access to your accounts.
- Change your password immediately when notified of any breach: Any time you hear of a breach at a website where you have an account, you should immediately change your password to make sure that whatever information may have been breached is no longer valid.
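
The password practices listed above can be checked mechanically. The following is an added example, not part of the original page: it audits a set of stored credentials against the strength criteria, the one-password-per-site rule and the 90-day rotation interval. The minimum length of 12, the word list, the personal details and the vault entries are constructed assumptions.

```python
import re
from datetime import date

# Constructed sample data: a tiny word list stands in for a real dictionary
# (assumption); the page names no specific list or minimum length.
DICTIONARY = {"password", "dragon", "summer", "welcome", "monkey"}
MIN_LENGTH = 12    # assumed threshold; the page only says "the longer the better"
MAX_AGE_DAYS = 90  # rotation interval stated on the page

def strength_issues(password, personal_info):
    """Return the strong-password criteria from the list that `password` fails."""
    issues = []
    if len(password) < MIN_LENGTH:
        issues.append("too short")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, password) for c in classes):
        issues.append("missing character class")
    lowered = password.lower()
    if any(tok.lower() in lowered for tok in personal_info if len(tok) >= 3):
        issues.append("contains personal information")
    if any(word in lowered for word in DICTIONARY):
        issues.append("contains dictionary word")
    return issues

def audit(vault, personal_info, today):
    """vault maps site -> (password, date last changed). Returns site -> issues."""
    sites_by_password = {}
    for site, (pw, _) in vault.items():
        sites_by_password.setdefault(pw, []).append(site)
    report = {}
    for site, (pw, changed) in vault.items():
        issues = strength_issues(pw, personal_info)
        if len(sites_by_password[pw]) > 1:
            issues.append("reused on another site")
        if (today - changed).days > MAX_AGE_DAYS:
            issues.append("older than 90 days")
        if issues:
            report[site] = issues
    return report

# Constructed vault entries and owner details, for illustration only.
SAMPLE_VAULT = {
    "bank.example": ("Summer2019!", date(2024, 1, 5)),
    "mail.example": ("Summer2019!", date(2024, 5, 20)),
    "shop.example": ("v7#Qm!x2Lr9$Tz", date(2024, 5, 1)),
    "forum.example": ("alice1984Zq!kW8&p", date(2024, 5, 25)),
}
SAMPLE_PERSONAL = ["Alice", "1984"]
```

Calling `audit(SAMPLE_VAULT, SAMPLE_PERSONAL, date(2024, 6, 1))` flags three of the four entries; the substring checks are case-insensitive, so a capitalised dictionary word or name is still caught.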