At some time in the last couple of months an Irish website got hacked and its member database was stolen. The database contained email addresses and the associated passwords to login to the website.
The list of email addresses and these passwords was published on a website which has since been taken offline (though you could find it in Google’s cache as recently as 48 hours ago).
While some of the email addresses and password combinations could give you access to a lot of things this would only happen where the person used the same password for everything.
The list was NOT a list of email account passwords ie. if you could actually use the password to access the person’s email account it was purely coincidental.
How do I know this?
My email address is on the list, as I was informed by someone a couple of days ago.
Though even the person who informed me was doubtful that I’d have opted for such a stupidly weak password for something as important as my email. They’d be right. I hadn’t! I had used a weak password on several websites – in some cases semi-intentionally
Unfortunately some people seem to like scaring people and also have zero respect for privacy and zero understanding of security or anything else, so you’ll find the list of email addresses published on at least one Irish website. (I’m not going to link to them, since they don’t deserve a link if they’re going to be that careless with other people’s data, but I do hope that someone flags their idiocy with the data privacy people)
On the plus side, hopefully some people will realise that having a password policy wouldn’t be such a bad idea after all ….
Leave a Reply