30 July 2009

Beware of the inactive email security loophole

This article on TechCrunch details how the personal accounts of Twitter employees were hacked. The moral of the story is that when it comes to security, you are as weak as your weakest link.

After reading the article, I searched all my email accounts for passwords. It's really stupid how companies will send you confirmation of your password in cleartext over email.

Lifehacker followed up with an explanation of how inactive email accounts on Hotmail can easily be hacked into. The problem is that Hotmail accounts are recycled. Gmail and Yahoo are no better. The lesson to take away is that if you use an email account for passing sensitive information, you should log into it periodically so that you don't lose the account.
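
The mailbox search described above can be scripted. The following is an added example, not part of the original post: it assumes the mailbox has been exported to an mbox file, and the function names, regular expression and sample messages are constructed for illustration.

```python
import mailbox
import re
import sys
from email import message_from_string

# Heuristic for lines such as "Password: xyz" or "your password is xyz".
# It will also flag phrases like "password is required", so review each hit.
PASSWORD_RE = re.compile(
    r"\b(?:password|passwd|passcode)\b\s*(?:is\b|:|=)\s*(\S+)", re.IGNORECASE)

# Constructed sample messages, used when no mbox path is given.
SAMPLE = [
    "From: signup@shop.example\nSubject: Welcome\n\nUsername: alice\nPassword: Tr0ub4dor\n",
    "From: news@list.example\nSubject: Reset\n\nReset your password by following the link.\n",
]

def body_text(msg):
    """Concatenate every text/plain part of a message."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() != "text/plain":
            continue
        payload = part.get_payload(decode=True) or b""
        charset = part.get_content_charset() or "utf-8"
        try:
            parts.append(payload.decode(charset, errors="replace"))
        except LookupError:  # unknown charset label in the message
            parts.append(payload.decode("utf-8", errors="replace"))
    return "\n".join(parts)

def find_cleartext_passwords(messages):
    """Return (sender, subject, redacted value) for each password found in a body."""
    findings = []
    for msg in messages:
        for match in PASSWORD_RE.finditer(body_text(msg)):
            secret = match.group(1).rstrip(".,;")
            if not secret:
                continue
            redacted = secret[0] + "*" * (len(secret) - 1)  # never echo the secret
            findings.append((msg.get("From", ""), msg.get("Subject", ""), redacted))
    return findings

def scan_sample():
    return find_cleartext_passwords(message_from_string(s) for s in SAMPLE)

if __name__ == "__main__":
    # create=False: do not create an empty mbox if the path is wrong.
    source = mailbox.mbox(sys.argv[1], create=False) if len(sys.argv) > 1 else \
        [message_from_string(s) for s in SAMPLE]
    for sender, subject, redacted in find_cleartext_passwords(source):
        print(f"{sender} | {subject} | {redacted}")
```

Each hit is a password to change at the site that sent it and a message to delete from the mailbox.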

