Reddit Security Breach and Other Forum Digital Security Breaches

On Wednesday, August 1st, Reddit announced that it had uncovered a data breach, according to NBC News. Hackers were apparently able to access a database containing email addresses linked to user accounts, including email addresses from some current accounts as well as a 2007 database backup that included old passwords that had been “salted and hashed” (in layman’s terms, they were scrambled for digital security protection).

Hackers were also reportedly able to access email addresses and public and private messages in the old database, Mac Rumors and other outlets reported.

Reddit reportedly sent an email to all affected users, which was mainly people who joined Reddit in 2007 or before. That’s a great proactive step, and it’s certainly better for those who might have been affected by the security breach to know sooner rather than later.

But this breach is clearly very serious, especially for a site that allows users to be fairly anonymous in their correspondence if they choose to be. It is possible that a database of emails connected to Reddit usernames could make it easier to link anonymous accounts to people’s identities, NBC News pointed out.

So what should you do if you were impacted by the Reddit security breach, or if this ever happens on another online forum you’re a member of?

The truth is, you can’t just delete your Reddit account and hope for the best. The information is out there, but there are steps you can take to protect your account on the site or on any sites where this could happen (and really, it could happen anywhere).

Reddit is recommending that users who are using passwords similar to the ones they had in 2007 should change them, but it’s probably not a bad idea to change your security login info even if you know you’ve changed your password and such since then.

Reddit also recommended that users enable two-factor authentication; taking advantage of that extra security step is important whenever it’s available. Even if you weren’t specifically impacted by the Reddit breach, changing your password and setting up the authentication is a definite better-safe-than-sorry move.

Running a dark web scan to see if any of your information, like your phone number or email address, is floating around the web, and monitoring your identity online, is never a bad idea either. If you’re not sure how to do all of that, a digital security expert can help.

It’s a good idea to always be careful about what you share online, but security breaches happen. The best thing you can do after they occur is take proactive, appropriate steps to protect your information and identity, on Reddit or any other corner of the web.

How To Keep Even the Most Basic Email Account Secure

Today, it seems there’s no shortage of stories about email hacks or online data security breaches. Just recently, Lifelock — which is meant to help consumers protect their identities online — was the victim of a massive customer email address exposure, according to Mashable.

If you know very little about email security, those stories can make you feel hopeless when it comes to trying to protect your information and identity. With that said, there are steps you can take to better protect your email account.

Password Security

Password security, and more specifically the complexity of the password you use to protect your email account, is very important. Don’t just throw together part of your name and birthday and call it a day. Make sure to use numbers, symbols, and both uppercase and lowercase letters. Consider also making your password long, as opposed to a short string of a couple of characters. Lastly, consider using password generators to provide a complex, multi-character password that will be more difficult to break.

As one final note for strong digital security best practices, do NOT reuse your password across multiple digital platforms. The reality is that if and when a web service you use is hacked and the password you use on that platform compromised, if you had used the same password on other platforms, they will now be at risk as well. Yes, it takes extra work and remembering multiple passwords is never fun, but this mitigates a lot of extra digital security risk.

Security Questions

First and foremost, if your email platform allows for 2-step verification, always turn it on. This verification process is highly important in increasing the security of your account.

Outside of that, most email platforms have a security answer question process to recover accounts or gain access to them. In the same vein, your security question answers shouldn’t be obvious for just anyone to come up with either. If you’re friends with your mother on Facebook, and she lists her maiden name, and one of your security question answers is her maiden name, that is incredibly easy for someone to work out with very little research. The answer to a good security question shouldn’t be easy to guess, and should be something you’ll remember — even if it’s an answer that doesn’t actually make sense with the question. If you’ll remember it, and someone else wouldn’t know it or be able to research it, that’s really what matters.

You should also always be sure your recovery options are up-to-date. Don’t just leave it to fill out later. If someone gets into your account, and you’re alerted, you’re going to want to have a recovery option like your personal phone number set up so you can fix it ASAP. Check out your recent activity often, too. If it looks like someone has tried to log in from somewhere strange, that’s something to flag, and means it’s time to go in and change your password just for good measure.

The technological challenges of e-mail security

E-mail security continues to be a problem for users at all levels. The baffling array of attacks, including phishing, whaling and business e-mail compromise, shows no sign of letting up in 2018. IT professionals, for the most part, have taken a laissez-faire approach: train users more in ways to avoid e-mail attacks and hope for the best.

But how do you train users when two-thirds of inbound phishing attacks use the company’s own domain name? That makes such scams extremely difficult to detect, according to an article published on the IDG Contributor Network.

Since e-mail is now used by as many as half the humans on the planet, according to research by Radicati, it remains the most effective and inexpensive way to reach out to friends, family and business contacts.

So if it’s clear e-mail isn’t going anywhere, how do we solve its inherent problems?

Security Made Easier

I have spent the last 25 years studying web-based issues and have a number of patents in the cybersecurity area. More recently, I’ve been focusing my efforts on e-mail security and working toward comprehensive solutions that are compatible with existing systems but at the same time improve e-mail security and functionality.

Let’s face it: e-mail is in dire need of an update since the existing design and architecture allows for virus attacks, spam abuse and other major security concerns.


Spammers are becoming more creative in their ways to get you to click on their links, including using dummy web pages that look like the real thing and then encouraging you to enter your user name and password. You need to be more careful than ever, checking the e-mail address in the from field and rolling over the link with your mouse to see if the web address is legitimate. Keep in mind, most financial institutions will never send you e-mail with links; they usually call or send a letter.

Advances in my patents include: the secure transfer of e-mail messages through existing clients and without necessitating changed e-mail addresses. That’s critical since most other secure e-mail systems (Hushmail, Proton, etc.) require you to use their domain address.

In addition, the system can track all actions performed in connection with an e-mail transmission and has the ability for a recipient to view information about an e-mail message, optionally including information about how other addressees have responded to it, before deciding whether to retrieve and open the e-mail message or not.

The Authentication Route

Experts believe e-mail authentication will become more mainstream in both the public and private sectors, shifting from merely deploying authentication to enforcement, where a domain’s published e-mail policy directs mail servers worldwide to block unauthenticated e-mail. In the private sector, this shift will be driven by marketing departments, who view authenticated email as a brand protection tool, as it can also increase e-mail deliverability.

Authentication may seem like a complex route, but it’s already in use by banks, credit card companies and secure cloud services, so why wouldn’t we authenticate the most fundamental form of communications that business uses today — the simple e-mail message?
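The shift from "deploying" to "enforcing" authentication can be read directly from a domain's published policy record. The following is an added example, not part of the original article: it assumes the published policy is a DMARC TXT record (the article does not name the mechanism), and the records and `example.com` domains are constructed placeholders.

```python
# Added example: classify a published DMARC record as monitoring-only,
# partially enforced, or fully enforced. All sample records are constructed.
VALID_POLICIES = ("none", "quarantine", "reject")

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    pairs = []
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            pairs.append((key.strip().lower(), value.strip()))
    # The version tag must come first and must be exactly "DMARC1".
    if not pairs or pairs[0] != ("v", "DMARC1"):
        return None
    return dict(pairs)

def enforcement_level(txt, subdomain=False):
    """Classify how strictly receivers are asked to treat unauthenticated mail."""
    tags = parse_dmarc(txt)
    if tags is None:
        return "no-policy"
    policy = tags.get("p", "").lower()
    # Subdomains inherit "p" unless an explicit "sp" tag overrides it.
    if subdomain and "sp" in tags:
        policy = tags["sp"].lower()
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        return "invalid"
    if policy not in VALID_POLICIES or not 0 <= pct <= 100:
        return "invalid"
    if policy == "none":
        return "monitoring"  # reports only; spoofed mail is still delivered
    return "enforced" if pct == 100 else "partial"

SAMPLES = {  # constructed records for placeholder domains
    "monitor.example.com": "v=DMARC1; p=none; rua=mailto:dmarc@monitor.example.com",
    "rollout.example.com": "v=DMARC1; p=quarantine; pct=25",
    "strict.example.com": "v=DMARC1; p=reject; sp=reject",
    "spf-only.example.com": "v=spf1 -all",
    "gap.example.com": "v=DMARC1; p=reject; sp=none",
}

if __name__ == "__main__":
    for domain, record in SAMPLES.items():
        print(domain, enforcement_level(record),
              enforcement_level(record, subdomain=True))
```

A domain that reports `monitoring` has deployed authentication without enforcing it, and the `gap.example.com` case shows a parent domain that rejects spoofed mail while its subdomains remain unprotected.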

How We’re Making E-Mail Better, From Security to Productivity To Addressing Junk Mail

E-mail. It’s way better than snail mail – faster and more efficient, and you don’t have to worry about rooting around for a stamp when you want to send the traditional kind of non-digital message or card or letter.

But in other respects, sometimes you kind of yearn for tradition.

Like, when was the last time you got a hard copy letter in your real mailbox from a Nigerian scamlord? And I’m betting you easily get ten times the “special offers” and other types of junk mail in your in-box (despite the best filters) than your friendly neighborhood letter carrier carts around to hand-deliver to you.

For all the drawbacks of e-mail, it’s become a ubiquitous and vital tool, one that keeps us connected and communicating more effectively than anything else that humankind has come up with. After all, what other tool can lay claim to 3.7 billion global users who send 269 billion messages every day?

We just have to make it better

That’s what a lot of people are doing, addressing the different points of pain that make the user experience something that’s not as optimal as it should be, when you think about it. It has been nearly 25 years since it became one of the first major transformations of the Internet Age. Isn’t it time?

Optimization is what one e-mail innovator, Rahul Vohra, has sought to accomplish with Superhuman. This app is not just super looking, but it’s faster than a speeding bullet. The idea is to enhance productivity, not just through speed, but also by bundling features like read statuses and undoing sends. It negates the need for all those browser extensions.

Edison is a different take, an automated e-mail assistant that interacts with Edison (the AI) and does everything from unsubscribing from junk mail lists to managing your contacts and bills. It’s another e-mail productivity tool.

On a different front are a series of handy tools to save you from those annoying e-mail trackers that add immensely to your junk mail overload. (How bad is it? Over 40 percent of all the e-mails sent every day are tracked.) One is called Senders. It requires no special software or plugins, intercepting e-mails, scanning for tracking codes and scrubbing when they are found. Another app, Ugly Email, detects and highlights messages in Gmail boxes embedded with tracking software.

Some of the patents around email communication that I have worked on are designed to address a much broader expanse of issues – with improved security at their heart. Working in tandem with all e-mail clients, we enable secure messaging transfer and tracking, for example, along with “for your eyes only” features and a configurable, cryptographic engine for storage.

Today’s e-mail system may not be perfect, but we are seeing many innovations that are making our use of it faster and better and more secure. Yes, it is about time.