Krebs has it right – you are the one who has been hacked

How many times do we hear that another site has been hacked, whether iCloud, Twitter, Facebook, Sony and now Starbucks?

The media generally does an extremely poor job of describing these situations, and the average user just gets confused. This is a different scenario than Target.

Krebs sums the recent Starbucks situation up well here.

Starbucks Hacked? No, But You Might Be

Those customers had all chosen to tie their debit accounts to their Starbucks cards and mobile phones. Sullivan allowed in his story one logical explanation for the activity: These consumers had re-used their Starbucks account password at another site that got hacked, and attackers simply tried those account credentials en masse at other popular sites — knowing that a fair number of consumers use the same email address and password across multiple sites.

How many of you and others use the same username and password for more than one site? And perhaps one of those sites is the latest app du jour that you signed up for. It is perhaps a beta, and no hardening or minimal security controls are in place.

When bad guys hack into that site with relative ease, they now have a large set of email addresses and passwords. They can also get those credentials from a keylogger that sits on your computer after that malware you inadvertently downloaded last month.

Now all the bad guys have to do is run those credentials against all the popular cloud sites and social media sites, and of course some will be successful. Once they get a successful login, that site has ‘been hacked’ in the eyes of the media.
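From the site's side, this pattern shows up in login logs as one source trying many different accounts about once each and mostly failing. The following is an added example (not from the original post or from Krebs), using constructed log events and assumed thresholds, that flags such sources and lists the accounts they actually got into:

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, username, success).
# IPs are documentation ranges; usernames are made up.
SAMPLE_EVENTS = (
    # One source, eight different accounts, one try each, one hit.
    [("203.0.113.7", f"user{i}@example.com", i == 3) for i in range(8)]
    # One source hammering a single account: brute force, not reuse.
    + [("198.51.100.20", "alice@example.com", False)] * 10
    # An ordinary user who mistyped once, then logged in.
    + [("192.0.2.10", "bob@example.com", False),
       ("192.0.2.10", "bob@example.com", True)]
)


def find_stuffing_sources(events, min_accounts=5, max_success_rate=0.3,
                          max_tries_per_account=2):
    """Flag sources that try many accounts, few times each, mostly failing.

    Thresholds are assumptions for illustration; tune them to real traffic.
    """
    per_ip = defaultdict(lambda: {"tried": set(), "hit": set(), "attempts": 0})
    for ip, user, ok in events:
        stats = per_ip[ip]
        stats["tried"].add(user)
        stats["attempts"] += 1
        if ok:
            stats["hit"].add(user)

    flagged = {}
    for ip, stats in per_ip.items():
        tried = len(stats["tried"])
        success_rate = len(stats["hit"]) / tried
        tries_per_account = stats["attempts"] / tried
        if (tried >= min_accounts
                and success_rate <= max_success_rate
                and tries_per_account <= max_tries_per_account):
            flagged[ip] = {
                "accounts_tried": tried,
                # These users reused a password that leaked elsewhere.
                "accounts_to_reset": sorted(stats["hit"]),
            }
    return flagged


if __name__ == "__main__":
    for ip, info in find_stuffing_sources(SAMPLE_EVENTS).items():
        print(ip, info)
```

The accounts in `accounts_to_reset` are the ones where a reused password worked: the site itself was not breached, but those logins were.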

It's tempting to use a low-difficulty and common password for multiple sites that you are signing up for to try out. However, NEVER use the same password more than once where financial information, credit cards or e-commerce are involved. You will eventually be caught out, and that easy password will give the bad guys access to your credit card or worse.

Krebs has it right, Starbucks users. You have been hacked. The bad guys just logged into that site as you.

Written by Colin Henderson

May 19, 2015 at 09:29

