Right after the start of the New Year, the message spread that Angela Merkel’s personal details leaked on Twitter. According to the Bloomberg, German Chancellor’s account was hacked, and the information was released in an Advent Calendar sort of fashion. Compromised information involved bills and credit card information, phone numbers, email addresses, photo identification and personal chat histories. Later on, it was discovered that Angela Merkel was not the only one under the attack, but all major German political parties were affected.
A few days later after announcing the incident, the possible mastermind of the attack was found. A 19-year-old guy is claimed to cause a huge data breach that affected hundreds of politicians and celebrities. While the German government takes this attack very seriously as the infringement of the of personal data protection, cybersecurity experts warn all the officials in higher power positions to be aware of the risks.
LEARNING TIP on prevention from being hacked:
1. Keeping accounts secure with complex passwords that consist of a combination of numbers, upper- and lower-case letters, and special characters that is difficult to guess (ITPRO suggests that “The best passwords are the ones you can’t remember“).
2. Using a password manager that stores and auto-fills credentials for different sites, allowing to create a complex and unique password for each site and keeping the device much more secure.
3. NOT sharing the paswords. With the exception of some school services, never provide a site administrator with the password for them to access the account.
4. Changing passwords often, at least once per 6 months.
5. Setting a two-factor authentication which requires to enter a code sent, as an example, in a text message. This makes it more difficult for a hacker to access target’s information, even if they are able to crack the password.
6. Avoiding the use of the correct answer for security questions. Hackers can find out target mother’s maiden name or what street target grew up on easily. It is better to enter random answers, or to make them like passwords and not based on the questions at all.
7. Reading the privacy policies carefully. Any company that collects any personal data must have a privacy policy that details how they use that information and the extent to which they share it with others.
8. Logging out of accounts after the session is done.
9. Making sure that pasword is being entered to an official website. Phishing scams – instances in which a malicious page pretends to be a login page for a social media or bank account – are one of the easiest ways to hack someone. One way to spot phishing scams is to look at the site’s URL: if it closely resembles (but doesn’t exactly match) a reputable site’s URL, it’s a fake site.
The same as any person, any company, regardless of the size, can be attacked. Attackers are aware that receiving GDPR fine could be fatal to the smaller businesses. Read more on how to prevent cyber attacks in the companies.