One Of World's Largest Financial Institutions Hit With Data Breach

One of the world’s largest financial institutions has been hit with a cyber intrusion. London-based HSBC announced that an undisclosed number of customers were affected when some online accounts were accessed by unauthorized users between October 4 and 14th. However, it wasn’t from infiltrating the system in some devious attack, according to researchers, but through the technique called credential stuffing.

Credential stuffing means the attackers used stolen information, such as a login and password list purchased on the Dark Web to gain access to the accounts. This is useful because people tend to use the same login credentials for multiple sites across the Internet. However, if you do this, it is a very bad idea, for exactly this reason.

Passwords need to be unique to every single website you log into. They should also be difficult to guess and not contain personal information. For example, your pet’s name is not a good choice.

It’s understandable that you’d want to repeat your passwords. We are overwhelmed with passwords these days. It’s also reaching to expect us to remember each and every one when they are all different. There are ways that can help you.

You can use good old-fashioned pen and paper and write them down. Yes, if you’re doing this at work and you leave that paper accessible to anyone, you are certainly putting your company at a huge risk. So, hide it away and lock it up. Take it out only when and if you need to and guard it like Fort Knox.

Obviously, that is not preferred, but it carries the least amount of risk of someone getting ahold of it, since it’s only accessible to a limited number of people. But it’s still better than using the same password over and over.

You can also use a password manager. There are several available. This is certainly a good way to keep track, since they require a master password to your master account. Just keep in mind that if those companies experience a data breach, as several have, the attackers not only have your master password, but they may have ALL of your passwords. Still, this is better than using the same one on multiple accounts.

To make it a bit easier, try a different technique when creating them. Use a combination of upper and lowercase letters, numbers, and special characters in a base password. Start with that base and add onto it from the website you’re logging into. For example, your base is 7*dLeiK# and to create a unique password when using your Facebook account, you could use 7*dLeiK#FB. Doing this will make it highly unlikely that you’ll ever have the same password on more than one site.

HSBC has offered complimentary credit-monitoring and identity theft protection services to those affected. Just keep in mind that these services won’t prevent fraud or identity theft. They will just alert you if something seems suspicious. This gives you the opportunity to react quickly to these instances.

Even with these services, you should make sure to check your credit reports from all three bureaus every year. To keep a closer eye on them, order one from one of the agencies every four months. You can get them at no charge at annualcreditreport.com.

Information accessed on the victims included names, addresses, and account numbers. And even though passwords were not noted as being accessed, out of extra caution, be sure to change your HSBC online account password as well, even if you weren't notified by them.