News

Password problems lead to ID theft, report

Using the same password on different websites could cause users to become identity theft victims.

7 Mar 2007

People who use the same password for multiple online accounts and websites could leave themselves open to identity theft, according to an expert.

David Emm, senior technology consultant at anti-virus firm Kaspersky Lab said that consumers freely disclose information on social networking sites, designed to be used as unique identifiers - pet name, mother's maiden name, nickname, even car registration number.

"All it would take is one clever hacker or phisher to get hold of these databases and they could have access to a raft of online accounts," he warned.

The company recently carried out a survey on password habits and found that 62 per cent of users have up to ten online accounts that require passwords, with 23 per cent of users having more than 20 password protected accounts.

The study of 150 people also found that more than half of respondents (51 per cent) use only between one and four passwords to access their accounts.

"Today's threat landscape is very different from that of a few years ago," said Emm. "Malware is designed to remain undetected so that it can target victims individually and harvest personal information, to be used for criminal purposes."

He said coupled with personal information gained from a social networking site and hackers could "have the key to credit card accounts, online bank accounts, or social security fraud."

Another survey found that identity theft has increased by 50 per cent over the last year in the US.

Approximately 15m people in the country were victimised by some sort of identity-theft related fraud in the 12 months up to the middle of 2006, a report from Gartner said.

The survey of 5,000 US adults found that the average loss of per person was $3,257 (1,692) in 2006, up from $1,408 (731) in 2005.

"Hackers are exploiting internet auctions, non-regulated money transmittal systems, the ability to impersonate lottery and sweepstake contests, and other types of imaginative scams," said Avivah Litan, vice president and distinguished analyst at Gartner.

"The thieves have also discovered the weakest links in the US payments systems. Typically, the weak links are found among the five or more million businesses that accept electronic payments from consumers, and the consumers themselves," she said.

According to the report electronic theft is a leading cause of certain types of fraud, including credit card, debit card and bank account transfer fraud.

"All sensitive electronic data needs to be protected, but enterprises should be aware that the low hanging fruit for the criminals is electronic card and checking account numbers, as well as user IDs and passwords for online financial accounts," said Litan.