Lulz Sec Posts Log in Credentials Online

Recently, cyber-attack group Lulz Sec posted e-mail addresses and passwords of around 62,000 people online. The login credentials are reportedly associated with members of IBM, Writerspace and several U.S state and federal agencies including the Navy and armed forces.  Around 12,000 credentials allegedly pertain to members of Writerspace, an online forum for writers. The leakage of log in credentials has reportedly affected several online accounts including Amazon. Internet users, who use same passwords for different web and e-mail accounts are more vulnerable to unauthorized access, and fraud caused by online publishing of log in credentials. 

Password construction and management are the basic tenets of cyber security. However, Internet users tend to ignore the fundamental aspect of security. Usually, Internet users use same passwords for multiple online accounts for easy remembrance. However, higher emphasis on convenience over security may make users vulnerable to data breach and fraud. Attackers having access to log in credentials may attempt and gain unauthorized access to several other online accounts of a victim. Cybercriminals may use the leaked credentials to conduct unauthorized transactions, make payments, and gain access to confidential personal details of the victim. Internet users must desist from using common passwords for different online accounts. The passwords for each online account must be unique. Passwords must not be predictable, and must not consist of dictionary words, or personally identifiable information such as name, date of birth, contact number, and social security number. They must construct a password, which has non-sequential characters, and is alphanumeric. Online tutorials and online IT courses may help Internet users in understanding and implementing best practices in cyber security.

Organizations must develop appropriate policies and create awareness among employees on safe usage of corporate e-mail ids, and safe download of documents. Employees must avoid using corporate e-mail addresses for non-official purposes such as online subscriptions. If cyber-attackers have access to corporate e-mail addresses, then they may use such information to launch sophisticated spear-phishing attacks. Such attacks may result in disclosure of privilege business and government related information. E-learning and online IT degree programs and workshops may help employees to gain insights on IT security fundamentals, password management and data security practices. Informed employees are crucial to improve IT security culture and practices in the organization.

Professionals qualified in IT degree programs, security analysis and penetration testing may help organizations in making appropriate assessment of security threats, identification of threat vectors, and mitigation of vulnerabilities and security lapses.