It seems that those friendly, harmless little hackers from LulzSec have turned their attention, at least momentarily, from computing giants to passing bystanders in the evolving battle that has been kicking up online in past months.
Friday the hacking community Lulz Security (LulzSec) posted a file which it claimed contained the username and password information of 62,000 random individuals using popular websites like Facebook and PayPal. While it is doubtful that Lulz itself plans to use that information to do anything but embarrass those websites, other people who now have access to that data may be less playful.
It is unknown how this information was acquired or from what source. However, if you find yourself in a situation in which your Facebook or PayPal accounts have been compromised in a similar hacking campaign, there are important steps that you must take to secure your information and retake control of that loose data.
Mark Ward, a financial IT professional from Colorado, warns anyone who has been compromised to ask the two big questions of information loss: how did it happen and why.
“Anyone who has lost login information of any kind should immediately check the computers they use to access accounts for malware, keyloggers or rootkits. Otherwise, no matter how often you change your information thieves will retain access to the information.”
If you were foolish enough to use that login information in multiple places, change it everywhere – or you might find those accounts compromises as well. Next, identify why you were targeted.
“LulzSec rarely goes after individuals – if your information comes up in their attacks you were probably just caught in the crossfire.”
If you are someone who they may take personal interest in, however, take care to protect all other information and let those connected to you know you have been targeted. They may be approached for further information.
The loss of PayPal login information is typically more pressing than the loss of Facebook data, and as such requires forceful and immediate action. Begin by reporting the breach to PayPal and closing the account immediately. This stops that account from being used for any illegal purposes that you might otherwise wind up being liable for. Next, contact the financial institutions connected to the PayPal account and have them monitor your funds. It may be necessary to close those accounts in time, but it typically is not necessary to do so immediately.
Finally, and perhaps most importantly, contact any individuals with whom you regularly do business through that account and let them know that you have been compromised. Your past actions will be visible to any digital thieves, and it is very possible that they may be contacted by email or phone by people claiming to be you. Consider setting up a secure passphrase with PayPal business partners so that they can know that it really is you they are talking to.
Facebook contains mostly social information and is not connected to your finances and as such it is less crucial to contact connections to such an account as quickly. Again, notify Facebook, telling them of the breach, and close the account. This severs your connections to any photos that may be linked to your account. Let your friends know that you have been hacked, and advice them to be weary of anyone claiming to be you.
As skirmishes online increase in frequency, more and more people will likely get caught in attacks on groups they have no significant connections to. By following these simple steps, the damage of a breach can be minimized and you can return to your usual online activities without delay.
Martin's Words of Wisdom
If you had an account at one of the hacked company sites, and used the same account login, email, password combination at other sites, your first step needs to be to change your passwords at all those sites. Before you do anything else, change your account passwords.
PayPal users can improve security with identity protection devices. It costs little money and adds two factor authentication to PayPal. Attackers who get your username and password, cannot access the PayPal account because they do not have the code that gets generated on the fly when you use the device locally.
I probably would not go as far as to close down the account. I'd change the account password, get the security device and monitor my PayPal funds closely to react immediately when I'd spot an unauthorized transfer. You may however want to cut the link to your debit and credit cards in PayPal to avoid that they are charged automatically whenever a payment is made that exceeds the account balance.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.