Password reuse and vanishing flyer miles


By the time you read this post, chances are that someone is flying to their favorite destination or upgrading to first class at your cost. During the past couple of weeks, a handful of frequent flyers in the United States have faced this mystery – flyer miles disappearing from their accounts.

Cyber-criminals have apparently succeeded in accessing the frequent flyer program accounts of some of the customers of American Airlines (AAdvantage) and United Airlines (MileagePlus) and stealing the miles. They have exploited the stolen miles for free trips and upgrades.

Media reports, quoting research firms, claim that nearly three dozen user accounts have been compromised in United Airlines. In the case of American Airlines, about 10,000 accounts were ‘affected’. The airlines have started announcing compensatory measures such as restoring lost miles and a one-year credit-watch service.


The Heartbleed Bug and Password Reuse, Recipe for Disaster


If you have the habit of using the same password everywhere, you are at risk of identity theft and a breach in the post-Heartbleed scenario.

The ‘Heartbleed bug’ is perhaps the hottest topic in all types of media – print, electronic, social, and others. This serious flaw in OpenSSL’s TLS implementation is perhaps the biggest vulnerability in Internet history and has sent panic waves throughout IT and consumer communities alike.

During the past few days, you have probably come across information about the Heartbleed bug many times and been swamped by vendor advisories prompting you to change your passwords. The Heartbleed bug had been around for nearly two years unidentified, and it is not immediately known if the bug had been exploited against any web application anywhere. So as a precautionary measure, vendors are suggesting you reset your passwords after patching their applications and fixing the vulnerability.

Heartbleed bug and password reuse 


When you receive an advisory on the Heartbleed bug from a software application provider, you’re likely to promptly change the password in that application or site and feel secure. But the harsh truth is that your entire online life could be at risk. This is because most of us tend to use the same password on all websites and applications.

So if a hacker succeeded in cracking your password by exploiting the Heartbleed vulnerability in one site or application, the hacker actually obtained the ‘master key’ to access all your accounts – even those that are not vulnerable to Heartbleed.

Identity thefts through social media platforms: Is your password secure?


Social media platforms are fast emerging as the most convenient platforms for malware delivery. To combat cyber threats, proper password management should ideally become a way of life.

Over 13 per cent of the world population is on social networks and the number keeps growing exponentially. Those who do not own an account on Facebook or Twitter are now being viewed as those living in prehistoric times.


No doubt, social media is wonderful in helping you stay connected with friends, but the sheer popularity of social media attracts the attention of cyber-criminals looking for ways to harvest identities. Recent surveys by IT security analysts clearly indicate that social media is fast emerging as the most convenient platform for malware delivery by hackers. Clickjacking, phishing, and identity sniffing are all continuing unabated and are growing at a faster pace. Despite untiring awareness campaigns by the social media giants, even tech-savvy users are falling prey to attacks perpetrated through social media.

Security breaches and password reuse


How many times in the recent past did you receive advisories asking you to reset the passwords of your online accounts? 

  • Just a couple of weeks ago, the popular internet marketing software advised all its customers to reset their MOZ account passwords, because the encrypted portion of some of the member passwords was made public for a brief time.
  • About a month back, online daily deal company LivingSocial Inc. alerted its 50 million users to reset their account passwords following a cyber-attack on their computer systems that resulted in unauthorized access to some customer data from their servers.
  • On March 2, 2013, Evernote revealed that hackers had gained access to their network and been able to access user information, including usernames, email addresses, and hashed passwords. About 50 million users of Evernote were asked to reset their passwords.
  • Nearly a year ago, over 6.46 million hashed passwords were reportedly stolen from LinkedIn. Following that, LinkedIn asked the affected users to reset their passwords.
  • At the beginning of 2012, cyber-criminals had apparently gained access to the internal network and systems of the popular online shoe and apparel shop Zappos through one of their servers in Kentucky. Zappos suspected unauthorized access to its customer information and asked customers to reset their passwords.

These are just a few prominent samples. The list will actually fill volumes.

Resetting the password in the affected site alone may not be sufficient!


When you receive advisories like the ones mentioned above, you would promptly change the password in that site and feel secure. But the harsh truth is that passwords and other sensitive data exposed in a single site could potentially affect your entire online life. This is because of the simple fact that most of us tend to use the same password on all sites and applications. So, the hacker who succeeds in cracking your password actually gets the ‘master key’ to access all your accounts.

Just consider these scenarios:

  • An employee has used the same password for his social media accounts as well as work email and VPN. Data exposure at just one site could invite hackers to your organization’s doorstep!
  • You are using the same password for your social media account and for online financial accounts. Password exposure at one place could potentially drain your account.

So, when a security incident happens at one of these places, you should essentially reset the passwords of all other online accounts too. But, before you can do that, you should have the list of all online applications in which you own an account!

There is no magic wand: Use a unique password for every site

It is always prudent to have a unique password for every website and application and supply it ONLY on that site/application. When there is news of password exposure or hacks, you can just change the password for that site/app alone. Frequently changing passwords as a habit is also highly recommended.

But, here comes the problem: You will have to remember multiple passwords – sometimes in the order of tens or even hundreds. It is quite likely that you will forget passwords and, when you most need them, you will struggle to log in, resulting in password fatigue.

The way out: Use a password manager

Just like you have an email account, consider using a password manager too. In order to combat cyber-threats, proper password management should ideally become a ‘way of life’. Password managers help securely store all your logins and passwords. In addition, you will get an option to launch a direct connection to the websites / applications from the password vault’s GUI itself. This saves you even the ‘Copy & Paste’ task: logging in is just a click away. Once you deploy a password manager, you can say goodbye to password fatigue and security lapses.

And, Zoho offers Zoho Vault, an online password manager, which solves all your password management problems. Try Zoho Vault!