I just spent a tedious hour or so changing a bunch of passwords, and you probably should, too, especially if:
- You’re a Sony online games customer, since hackers just scooped up names, home addresses, phone numbers and credit and debit card numbers for millions of users.
- You recently got an email or emails saying something like “An important message to our customers” or “An important email security alert.” These emails were triggered by a massive computer break-in at Epsilon, which handles promotion emails for some of the biggest companies in the world, including Bank of America, Chase, Target and Wal-Mart. The hackers got names and email addresses, which will allow them to create targeted phishing attacks that will probably look identical to legitimate communications from those companies.
- You’ve gotten any other notice from a company that your identifying information has been compromised.
- You use the same password for a bunch of sites, or haven’t changed your passwords in six months or more.
It’s particularly important to change your passwords if you’re using the same one for social media sites as you do for financial sites. Social media passwords are easily stolen, thanks to spoofs and other tricks that send you to lookalike sites that encourage you to retype your ID and password. If that password also opens your bank account, the thief gets both.
The good news is that there are some password vault programs out there that will not only keep track of all your passwords but help you generate new, more secure ones: KeePass, One Pass, LastPass are among them. (Update: LastPass is asking users to change their master password after noticing some weird traffic on one of their servers. Read this for more. Lifehacker also put together a nifty list of LastPass alternatives here.)
Here are some suggestions from consumer advocate Mitch Lipka, who wrote about the break-ins for DealNews.com:
- Do not send your personal information in response to an email, even if it appears to be coming from a company you do business with
- Beware of links in emails and do not input your personal information if requested on the pages that open from those links (if you do click)
- Note the URL that an email link is going to take you to by pointing your mouse over the link (that will quite often reveal that you’re going to a spoof site)
- If you have a question about the validity of a communication from a company you do business with, call a known phone number (such as the one on the back of your credit card) and not a number or email contact that is sent to you
- Monitor your credit card charges and immediately report any usage that is not yours (you are not responsible for fraudulent charges that are promptly reported)
- Check your credit report every few months to ensure someone is not opening credit in your name. You are entitled to a free report once a year from each of the big three credit reporting agencies from this site they have set up.
If you’re a Sony customer, consider these suggestions, courtesy of FoolProof:
- At the very least, change your passwords on your PlayStation Network account, any accounts associated with this, and change any email addresses you may have used on PlayStation.
- At the very least, if you use the same PlayStation Network password on other accounts, change the password on every one of them. For instance, if your PlayStation Network password is also used on your online banking account, change that password!
- Think carefully about other places you may have used your PlayStation Network passwords. Do you buy plane tickets or hotel rooms online? Did you store credit card information on those sites? Do any of those credit cards use the same password? Go to every account and change them.
- Check your bank accounts and credit cards tied to your PlayStation Network account daily for unusual activity.
- Call your credit card provider (of the card or cards you used on PlayStation Network) and ask them to cancel and replace. “If you want to live on the edge, you can skip this step,” says the Editor of Privacy Times, Evan Hendricks. “But if you really want to be safe, have the PlayStation Network cards cancelled and replaced.”
- Do others in your family have a PlayStation Network account? If so, tell them to read this fact sheet and listen to the Podcast with Hendricks at www.foolproofme.com.