October 31, 2014

Microsoft Hack Attack: A Wake Up Call Not to Reuse Passwords

Microsoft campus Late last week, Microsoft announced it had been a victim of the same kind of hacking attacks reported recently by Apple and Facebook, and earlier this month by Twitter.

No Customer Data Compromised

In a public statement on Friday on its Security Response Center blog, Microsoft insisted the scope of the attack was fairly limited.

Matt Thomlinson, General Manager of Trustworthy Computing Security, wrote:

“During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected and our investigation is ongoing.”

While Microsoft, Apple and Facebook insist no customer data was accessed during recent attacks, Twitter cannot make that claim. And last year, social networking giant LinkedIn experienced a highly publicized hacking in which millions of user passwords were potentially leaked.

A Wake Up Call

We’ve reported recently about the potential security dangers small businesses face online. One of the greatest of these may be the compromise of company data when passwords held by third parties are accessed.

For small business owners and staff who may have literally dozens of accounts ranging from social media to cloud apps, to PayPal to bank accounts, examples like these breaches should be a wake-up call. Why? Because of the dangers of something far too many users do: reuse of the same password across multiple accounts.

As Tom Espiner explained on ZDNet last July after a similar hack of Yahoo exposed the details of about 400,000 users, the real danger is how many other business accounts the hackers may have access to.

According to Espiner, 20 percent or one in five accounts compromised in the Yahoo breach matched the users’ Microsoft accounts — all thanks to password reuse.   So in other words, when one account’s login information is revealed, it is as if the cyber attacker suddenly has a key to get inside other accounts.

If your business maintains multiple sensitive accounts, be sure they do not use the same passwords and other login  information.   Also, change passwords regularly.

Intruders gaining entrance to one account could gain entrance to your financial accounts and cloud apps containing your customer data. That’s a more dire consequence for your business than a single social media account being hacked.

4 Comments ▼

Shawn Hessinger - Editor


Shawn Hessinger Shawn Hessinger is the Editor for Small Business Trends. He is a journalist and social media networker with more than a decade of experience in the traditional newspaper business before moving to the digital world. He was the former community manager of BizSugar and the former community editor at AllAnalytics, a site dedicated to professionals in the business intelligence and analytics community.

4 Reactions

  1. Scary stuff Shawn.

    It is easy to think that big companies like this are super-secure, but I guess this reminds us that they are not.

    Generally the damage by this sort of attack should be limited; it’s if you have the same password for all of your various accounts that you need to be worried.

  2. That is the reality of the modern world: any website, even a large corporate one can be hacked. I keep a spread sheet with passwords, a different one for each website, and unless someone hacks in my laptop (a worthless target for an experienced hacker) my accounts should be OK.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>



Compare your business to the industry - Try our new tool