With the story of the Yahoo hack (which involved a number of accounts from the old Associated Content feature Yahoo acquired some years ago — where the passwords were stored without encryption), passwords and personal security are once again in the news.
The Yahoo hack was an opportunistic one – the hackers discovered the vulnerable content on the clueless Yahoo’s server farm and the rest is a tiny, tiny footnote in cyber history (and maybe a bigger footnote in the next rise-and-fall-of-Yahoo book).
But there is another kind of attack — the targeted attack — which is very different and involves different tactics.
When a celeb or politician (where do you draw that line these days?) gets their personal email or other account hacked, it’s likely they were targeted and that the hackers made a conscious effort to game their way into the target account.
In the case of the fellow who gained access to Sarah Palin’s Yahoo email account in 2008, the 18-year-old perpetrator (sentenced to a year and a day in federal prison and 3 years of supervised release), according to Wikipedia, “… obtained access to Palin’s account by looking up biographical details such as her high school and birthdate and using Yahoo!’s account recovery for forgotten passwords.” In other words, it was an informed guess. Or guesses.
And that is why, if all your creepy ex-boyfriends know your kitty’s name is Fluffy, you shouldn’t use your pet cat’s name as your password. Nor should you use your kids’ names, your hometown, your birthday, and so on.
Blogger John P. on his One Man’s Blog lays out how he would gain access to your account in this article: