Cybersecurity Roundup Series – January 2020

January signaled the end of the holiday season and rang in the New Year by showcasing the latest tech, gadgets, and IoT devices alike at CES. With the introduction of new devices into our home and into the market, understanding how to keep our information and privacy safe becomes more and more relevant. With that in mind, here were some of the hot topics we came across during the month of January.

Hacker leaks passwords for more that 500K servers, routers, & IoT devices

In an article published by ZDNet, a hacker published a massive list of Telnet credentials for more than 500K servers, home routers, and IoT smart devices on a popular hacking forum. Included in the list were IP addresses of those devices, usernames and passwords for the Telnet service, which is a remote access protocol that can be used to control devices over the internet.   By scanning the internet for devices that exposed their Telnet port, the hacker was able to compile a list and use factory default usernames & passwords or easy-to-guess passwords.

While this leaked list of credentials was dated October to November 2019, there is a good chance many of those devices are now using different login credentials or are running on different IP addresses. This should serve as a reminder that keeping our devices on default usernames and/or passwords can do more harm than good and that we should always make sure they are changed as soon as possible.

Ring App packed with third-party trackers

In a study by the Electronic Frontier Foundation, it was found that the Android version of the Ring doorbell app is packed with third-party trackers that send out customers’ personally identifiable information. According to EFF, “Four main analytics and marketing companies were discovered to be receiving information such as names, private IP addresses, mobile network carriers, persistent identifiers, and sensor data on the devices of paying customers.”

In a statement, Ring said, “Like many companies, Ring uses third-party service providers to evaluate the use of our mobile app, which helps us improve features, optimize the customer experience, and evaluate the effectiveness of our marketing. Ring ensures that services providers’ use of the data provided is contractually limited to appropriate purposes such as performing these services and not for other purposes.”

While it isn’t unusual for apps to send information to third parties, users typically are unaware of the extent to which they’re being tracked. More often than not, you can opt out of third-party tracking services through app or account settings.

Worst passwords of 2019

Just how hard are you truly keeping your important information safe from cyber criminals? While having a strong password to your accounts might seem to be a no-brainer, you’d be surprised at how often passwords get overlooked. NBC News shared the top 10 worst passwords of 2019 according to SplashData. While some of these passwords might seem laughable, SplashData estimates almost 10% of computer users have at least one of the 25 worst passwords on this year’s list. With that said, it shouldn’t come as no surprised that accounts tend to get hacked often because of the want to use simple, easy to remember passwords.

Here is the Top 10 list of worst passwords:

1. 123456
2. 123456789
3. qwerty
4. Password
5. 1234567
6. 12345678
7. 12345
8. Iloveyou
9. 111111
10. 123123

Here are a few tips that you can practice to help protect your online accounts:

• Use a Strong Password – A strong password should be at least 12 characters long, with a mix of uppercase & lowercase characters, symbols, and numbers.
• Enable Two-Factor Authentication – This adds an extra step to your login process but helps prove you are the authorized user. Common methods can include fingerprint or face ID typically found on mobile phones and single-use code or authentication code to name a few.
• Change Your Password Frequently – For accounts with sensitive information, a good idea is to change your password often. Passwords weaken over time as technologies and hackers evolve.
• Never Re-Use Passwords – Many people reuse the same password across multiple accounts. Sure, it makes things easy to remember, but if one of those accounts gets compromised, there’s a good chance other accounts using the same password will get compromised as well.

Did we miss out on any other relevant cybersecurity news from January? Let us know in the comments below!