Google’s BlackList Exposed Confidential User Information
Finjan Inc., web security expert, reconfirms recent reports that:
[...] Google have unwittingly exposed private user names and passwords on the Google anti-phishing blacklist, which did not use any access protection. Such sensitive information could potentially have been used to compromise user privacy, and could even have been used for identity theft or financial profit (as users generally have a single “web” password for most of their online accounts).
Can we repeat it enough? Do not reuse your passwords.
Suppose it was one of your “standard” passwords exposed in that list – how many other accounts could that same password have been used to gain access to?
Read this post about the consequences of password re-use.
How to avoid Identity Theft
- make strong passwords – (here’s how)
- don’t reuse them – (even the UN says it’s a bad idea)
- If lots of strong passwords are hard to remember get a password manager
(Ok, I admit, PassPack is my favorite Password Manager, but there are plenty of others out there, and you should always shop around. And only choose someone who inspires your trust.)
Technorati Tags: PassPack, passwords, password manager, security, google, identity theft
1 response so far ↓
Another reason to reconsider your password approach at FactoryCity // Jan. 23 2007 at 21:24
[...] Firefox extension) apparently contained various phished usernames and passwords, suggesting that you really should not use the same username and password combination across the [...]