50% of consumers use the same password on their Facebook accounts, that they do on their Linkedin accounts and other services such as Uber, Amazon and Netflix.
This is a real bad idea. A horrible idea actually, which puts consumers at heightened risk of identity theft, banking fraud and online fraud. How bad of an idea is it? I would suggest you read this excellent article by Naked Security that analyzes the risk that consumers take on when they engage in this practice.
In the article they analyzed about 5 million GMAIL account credentials that were hacked. When wordpress was analyzed, they found 600,000 wordpress pages and of that, 100,000 of those sites were using the exact same credentials that consumers used to login into their Gmail accounts.
Everyone knows that hackers are routinely engaging in brute force attacks with BotNets to test credentials from big data breaches at Yahoo, Adobe, Linkedin on other websites. There brute force attacks are behind the rise in account takeover and online fraud that have been plaguing the banking industry.
Amazon And Others Are Alerting Consumers
The Fraud Experts at Amazon, Facebook and Netflix are not content to wait for the fraudsters to test these hacked credentials on their sites and instead have taken proactive measures to stop it before they do.
In a report released this week, Amazon is notifying hundreds of thousands of Amazon Consumers to change their passwords immediately. The proactive notification it is believed is a result of Amazon getting access to list of user-name and password combinations that were breached in some of the recent breaches – DropBox, Yahoo, Linkedin.
After analyzing the combinations they were able to match username and password combinations that matched Amazon users. By proactively telling those consumers to change their passwords, Amazon was limiting their exposure by hundreds of millions of dollars from account takeover.
Amazon isn’t the first to do this. Reports are that Facebook regularly prowls the internet scanning for large breaches. When they find a large breach, they attempt to gain information from as many username and password combinations that they can. They bounce those up against their own credentials and notify the Facebook member to change their password.
Mark Zuckerberg Likes to Protect Facebook Users
You can read what Facebook’s policy is on searching for hacked credentials right on their blog post – Facebook Security.
I for one applaud these service providers proactive stance on protecting their consumers and users accounts. It’s great to see the industry using data and data sharing to prevent future fraud.
Thanks for reading.