Working in a company, being responsible for security, you have to deal with passwords. Passwords are used to log in to the company network, to the desktop PC, to webshops. Passwords are used nearly everywhere.

Because of this, the typical user has a lot of passwords to remember. For this reason most users rely on a very limited number of passwords. For some the number is just one. To make it even worse, the passwords are not changed over time.

Users tend to forget their accounts. Most likely you have encountered this yourself already. Only accounts which are used on a regular basis stay in the user's focus. Putting both things together, the following happens:

  1. a user creates an account on the website “example.com”, for example to write a comment
  2. he uses his default password, the same one he uses on his personal computer, his email account and his company PC
  3. time passes ….. the user forgets his account
  4. some bad guys hack example.com and may or may not publish the user data via torrent

The user has forgotten the account and therefore is not aware of the risk his accounts are in.

Step 4 happened last year to:

The databases from carders.cc and Gawker are still available via torrent.

What you should learn from this:

  • Use different passwords for different sites
  • Change your passwords at least once a year