Hackers Start 2016 by Coming After Fitbit and Time Warner Customers.
Some people make resolutions at the start of a new year, usually to change old habits. Evidently hackers take a different approach. They don't change their ways—they simply go after new targets.
So in the very first days of 2016, according to news reports, hackers decided to have fun by busting into cable customer accounts and fiddling with health gadget personal information.
So much for getting off to a happy, even healthy, start to the new year. Now before this story goes much further, here are some safety resolutions you should make. As you read on, you'll realize why:
- Manage your passwords in the most effective way possible.
- Keep your antivirus software up to date.
- Use separate passwords for different accounts.
- Be aware of phishing scams: fraudulent emails that try to trick you into revealing data.
- Tell your family to stay safe online! Everyone on a home network plays a role in keeping the network safe.
Unfit for security.
One of the first hacks was against customers of Fitbit, the company that sells wearable devices with technology designed to help us improve our fitness and health...but little, it seems, to protect our data.
Fitbit Inc., based in San Francisco, is best known for activity trackers and other wireless-enabled wearable devices that measure, among other things, the number of steps you walk daily, the quality of the sleep you get, your heart rate and other health-related metrics. The Fitbit Tracker was their first popular device.
At the beginning of January, it looked as if Fitbit's online systems weren't fit enough to fend off hackers. A number of online accounts were compromised by hackers, who decided to throw Fitbitters off track by changing their email addresses and usernames. When Fitbit customers tried to log in, they discovered their accounts had been taken over.
The hackers didn't get into all Fitbit accounts, but then again, it's not quite clear how many (or what percentage) of Fitbit accounts they did compromise. Fitbit isn't saying. BuzzFeed, a news organization, first reported it—and they claimed that user information from the devices' GPS data had been stolen by the hackers. That data would show where a person ran, what route, what days, etc.—a bit frightening for Fitbit customers, even though the company has said that data was not stolen.
How did the hackers get this far? It seems they managed to pull the usernames and associated email accounts of Fitbit customers from third-party sources, not from Fitbit's computer/server network. Fitbit implied that hackers had penetrated other companies' networks, where they obtained usernames and email addresses identical to those of Fitbit account holders. As you might guess, Fitbit customers weren't too happy with that explanation. They felt Fitbit should do more than blame customers, whose personal fitness information was compromised, for security breakdowns. It was enough to make a Fitbit customer throw a fit...or throw their Fitbit into a dumpster.
Time Warner customer accounts hacked!
We were barely a week into 2016 when word came that hackers had launched an attack on Time Warner Cable (TWC). In all, it looks as if they stole the email addresses and passwords for 320,000 Time Warner customers.
That's quite a breach, and evidently Time Warner was caught off guard. In fact, they sounded quite stunned about it all:
- Time Warner said that the FBI had informed them of the breach.
- They can't explain how the data was stolen, but thought perhaps that someone on their staff may have had their computer compromised through a phishing attack, and that malware could have been inadvertently downloaded.
- They also threw out the possibility of a backdoor attack, in which hackers could have stolen customer data from third-party vendors that have access to TWC customer data. In other words, the company isn't admitting that its own servers were compromised.
But however it happened, it's still lousy news for 320,000 TWC customers. To address the issue, the company contacted affected customers to advise them to change their account passwords.
Why this is a BIG deal.
How would you like someone putting your email address, and the passwords that go with it, up for sale? It happened to customers of Comcast Cable in November 2015 in a breach similar to TWC's. Comcast had to report that not only had 200,000 valid email addresses and passwords been stolen, but that the information was up for sale online! Imagine the (bad) possibilities:
- They could stalk or spy on you. Someone could access your email account and see your personal, financial or medical information and more.
- They could impersonate you. They could send emails to companies or friends, pretending to be you...and obtain anything, from money to sensitive information.
- They could compromise other accounts you have. They could breach other accounts that you access with that email address or with the same or a similar password.
- They could reset your passwords. They could lock you out of your own accounts!
Once it was discovered that the customer accounts were being sold on an illicit online marketplace, Comcast proactively reset the passwords for the affected 200,000 customer accounts.
It's up to you to protect yourself.
It's easy to think that companies that offer us technology should use technology to protect themselves and their customers. But as these two incidents show, that's not always the case.
Heed the warnings: Do whatever it takes to mix up your passwords for each account you have online. Hackers like easy targets. Don't be one of them.