Following the news of a cyber-attack on the website of ABTA, the travel trade body, David Emm, Principal Security Researcher at Kaspersky Lab, comments below.
David Emm, Principal Security Researcher at Kaspersky Lab:
The cyber-attack on the website of ABTA, the travel trade body, is the latest targeting high-profile organisations that could possess personal information of thousands, millions or even billions of members (as was the case with the Yahoo hack). In the case of ABTA, hackers may have gained access to members’ e-mail addresses and passwords. ABTA has indicated that the passwords were encrypted, so hopefully the attackers will not be able to make use of them – although ABTA is taking the sensible precaution of advising customers to change their passwords to be on the safe side. Such an attack highlights the importance of providers securing passwords effectively. It’s also important that we all choose sensible passwords for online accounts. Kaspersky Lab recommends the following:
- Make every password at least 15 characters long – but the longer the better.
- Don’t make them easily guessable. There’s a good chance that personal details such as your date of birth, place of birth, partner’s name, etc. can be found online – maybe even on your Facebook wall.
- Don’t use real words. They are open to ‘dictionary attacks’, where someone uses a program to quickly try a huge list of possible words until they find one that matches your password.
- Combine letters (including uppercase letters), numbers and symbols.
- Don’t ‘recycle’ them, e.g. ‘david1’, ‘david2’, ‘david3’, etc.
- If you don’t feel able to remember lots of unique passwords, use a password manager to help you store and remember your passwords securely.
- Almost one in five (18 per cent) have faced an account hacking attempt but few have effective and cyber-savvy password security in place.
- Only a third (30 per cent) of people who go online create new passwords for different accounts.
- One in 10 people use the same password for all their online accounts. Should one password be leaked, these people run the risk of having every account hacked and exploited.