Cyber security firms have been warning us for years that in the digital age nothing is personal, and this week’s cyber threats review reveals some very personal data: medical records, personal correspondence and even gaming habits, were all on display for the internet world this week.
Here’re three of the top entertaining topics from the cyber-verse this week.
1. WADA (World Anti-Doping Agency)
In the United States, as in many other countries, your medical records are protected by law. Your employers certainly cannot request to see them. Unless, that is, your “employer” is sort of the Olympic games. At that level of sport, examination of medical records and mandatory drug screenings exist to protect against chemically-enhanced undo advantage (aka “doping”).
Earlier this year the Rio de Janeiro Olympics faced a major doping scandal: 119 Russian athletes were banned from the Olympics and rumors spread that the entire Russian contingent might not get to participate.
So when news broke this week that WADA had been hacked by a group known as Fancy Bear, unsurprisingly Russia may have been behind the cyber attack.
Now world athletes are looking at the release of their medical records, along with potentially reputation-damaging reports, such as medical exemption for banned substances. For example, medications like the methylphenidate taken by gymnast Simone Biles are commonly banned by the Olympics, but since hers is prescribed by a doctor for her ADHD, she has a medical exemption.
Exempt or not, there’s not much to like about your medical records being released worldwide.
Speaking of information you might not want to share, what about your personal email? Ever had someone read an email you wrote, that wasn’t intended for that individual, and then you wish it could be retracted? What about your email being sold to the highest bidder?
It happens more than you might care to think, and it’s exactly what’s coming out of Russia right now: qip.ru and mail.ru have both been hacked with emails and passwords being sold on the cyber black market.
So what do you do? You could join the panic going on in Washington, D.C. right now and respond to the growing number of cyber threats coming in on cyber intelligence feeds by returning to a pre-digital age: no email, no texting, no phone calls (after all, it’s all digitally transmitted), or take another approach. Part of the problem with the hack of those Russian emails is that their passwords were recorded and not even encrypted, something strictly against standard operating procedure in the email world.
Still, if you hear the news and realize you haven’t changed your email password in a coon’s age and you still just use the same password anyone, with only a numeral added, go ahead and change it. Right now. We’ll wait here and tell you about this gaming hack when you get back.
3. Exile Mod
If you or a friend or loved one are a gamer, keep in mind the susceptibility of hacking in the gaming world as well. Exile Mod went public recently with a website hack. They took the opportunity to bring up some really good points about passwords, which we will delineate but also add to here, namely:
1. Change your password regularly. Monthly or even weekly would be best, if you have sensitive data stored anywhere, in particular.
2. Don’t use the same password for multiple sites.
3. Don’t use a word that is in the dictionary, even if you sub in a few numerals or add a few numerals to the end. Check out howsecureismypassword.net for some fun with passwords (but don’t use your real ones anywhere other than the correct login page!).
4. Don’t use default passwords, or even default administrator names if you can help it.
5. Compartmentalize! Don’t use blanket access names and passwords for all functions.
6. Beware of anything different-looking, such as an email link to a login site, instead of you going directly to a site.
Stay Out of the Headlines
If you want to enjoy the headlines (but stay out of them yourself!), stay tuned, but also subscribe to our cyber intelligence feeds from security experts.