Have you been pwned?

In other words, have any of your username/password combinations been stolen during any of the many data breaches in recent years? Chances are, they probably have, and it’s also likely you didn’t take the proper precaution of changing your password to a more secure one. That’s not necessarily your fault.

Those are the findings in a recent study out of Carnegie Mellon University’s CyLab. The findings were presented last week at the 2020 Workshop on Technology and Consumer Protection.

“In our study, only one in three people who had accounts on breached domains changed their ,” says CyLab’s Sruti Bhagavatula, a Ph.D. student in the School of Computer Science. “Only 13 percent of people with accounts on these domains changed their password within three months of the breach announcement.”

Many may find these findings alarming, given the ubiquity and growing number of corporate data breaches in recent years. In January 2019, for example, a collection of over 700 million email addresses alongside passwords, referred to as “Collection #1,” was distributed on a popular hacking forum.

To reach their findings, the authors of the study observed the security practices of 249 willing participants through the Security Behavior Observatory (SBO), a group of participants consenting to have their daily computing behaviors observed. The researchers focused on nine breaches, and observed the behaviors of users who were in the SBO at the time of those breaches.

One of the breaches they focused on was the Yahoo breach that occurred in 2017, in which every single Yahoo account, all 3 billion of them, was hacked.

“We wanted to check…
