Weak Passwords Gives Hacker Access to Cell Network’s Client Data
Weak passwords are becoming an increased security risk for business owners and private individuals all over the world.
We often get into the habit of using weak, easy-to-remember passwords to save time and effort when logging into accounts, not realising that we are exposing ourselves to hackers by doing so.
The problems that weak passwords create, is not confined to personal accounts, and can also expose security risks for businesses, something that Sprint recently learned.
Sprint is the fourth largest US cell network with 55 million customers. By using two sets of weak, easy-to-guess usernames and passwords, a security researcher was able to access an internal Sprint staff portal. The portal’s log-in page does not use two-factor authentication, which enabled the researcher to gain access to personal customer data.
TechCrunch reported the issue to Sprint, who then confirmed the findings via email.
“After looking into this, we do not believe customer information can be obtained without successful authentication to the site,” said a Sprint spokesperson.
“Based on the information and screenshots provided, legitimate credentials were utilized to access the site. Regardless, the security of our customers is a top priority, and our team is working diligently to research this issue and immediately changed the passwords associated with these accounts,” the spokesperson said.
Having gained access to this portal due to weak passwords, a hacker would be able to perform unauthorised device swaps, would be able to change a customer’s cellular plan and replenish his/her account. They would also be able to perform SIM swaps – allowing them to effectively steal someone else’s cellphone number.
In hijacking phone numbers, hackers can break into online accounts to steal vanity Instagram usernames, and intercept codes for two-factor authentication to steal the contents of cryptocurrency wallets.
When we hear about incidents like these, it becomes clear just how dangerous weak passwords can be – we do not always consider the full impact that a password breach can have not only on our lives, but the lives of customers as well.
Avoid Weak Passwords
There are many ways to avoid weak passwords, but the most important rule when it comes to creating a strong password, is to have a different password for every platform – this way, even if one password does get compromised, hackers won’t be able to access all your platforms with that same password.
Generally, a strong password:
- Has 12 characters, minimum
- Includes numbers, symbols, capital letters and lower-case letters
- Is not a dictionary word, or a combination of dictionary words
For a more in-depth idea on how to create a strong password, click here.