This past weekend the forums for Mint, a Linux distribution, got hacked and their user database was downloaded. Although the passwords were encrypted the hackers have broken some of them. While they were at it, they replaced the downloadable ISO images of Linux Mint 17.3 Cinnamon with a malicious backdoored version.
While few of you readers may have had an account on that site, it serves as a reminder that you should never reuse passwords on any website, and by all means, make sure your passwords on your personal email accounts are not the same as anything else.
Once a hacker has your email account, they have it all, because most sites send password reset links to your e-mail (especially those without two-factor authentication, which adds a second verification like contacting your phone). If a hacker can access your e-mail, they can use the address to reset passwords for bank accounts, social networks…almost any online account.
If you are interested you can go to this web site at any time and see if your account has ever been downloaded from a site. This is not all inclusive, but it is interesting to see. As an example my email address got hit back in 2013, when Adobe got hacked.
Don’t forget that you can also lie to websites about your security questions in order to be more secure. While you’re at it, learn the biggest password mistakes and best ways to craft a secure password.
Posted by: Systems Engineer Jim Taylor