Security News

Sharing personal information plays part in Neiman Marcus hack

Deborah Salmi, 4 February 2016

Sharing personal information plays part in Neiman Marcus hack

Data that you share on social media could end up for sale on the Dark Web.

Adjust your privacy settings on social networks. You never know who may be watching!

The luxury retailer Neiman Marcus is the latest victim of a data breach. At the end of January, Neiman Marcus notified their online customers that unauthorized individuals attempted to access customer's online accounts by trying various login and password combinations using automated attacks. The hackers were able to accurately guess the username and password combinations and access some online accounts. Neiman Marcus reported that only a small number of these accounts were used to make unauthorized purchases.

Personal information shared on social sites combined with Personally Identifiable Information (PII) and username and passwords for sale on the Dark Web, are making data breaches of this type more common. Cybercrooks, terrorists, and nation states buy information from shady sites, then use it to break into banks, launder money, or make trouble for big U.S. companies like Neiman Marcus Group.

"These bad guys are assembling portfolios of individuals," said Avivah Litan, an analyst at Gartner in an interview with DataBreachToday about the breach. "They've got a big database of American citizens and all the data associated with their identity, and lots of different people are buying up this data on the Dark Web. And they're using this data to get to their targets."

Unsafe practices make hacker's jobs easier

Responsibility for customer safety belongs heavily with the organization. They should encrypt any customer contact information and use stronger authentication methods than just a username and password. But, we as consumers make the hacker's job easier by using the same username and password on multiple accounts. Once one set of credentials is compromised, then hackers will test them to get access to other websites.

We can take steps that make it harder for a cybercrook to gather information on us and break into our accounts.

Clean up those passwords

One of the simplest ways to protect yourself against online threats is to use strong passwords for each of your accounts. Passwords manager from Avast can help you manage passwords for multiple accounts across the web and create encrypted, strong, unique passwords. Every Avast Antivirus customer can use this feature for free.

Avoid oversharing on social sites

Social media is fertile ground for cybercrooks to gather personal information. Sharing something seemingly innocent like your dog's name, your birthday, or your mother's maiden name can give insightful crooks the answers to security questions of your bank account. Put that together with PII and they're in.

  • Lock down your social profiles. Each social site has security settings so you can have more control over who sees what you share. Use these direct links to update your privacy settings on popular devices and online services.
  • Limit the number of online quizzes you take. Yes, they are popular and fun but these quizzes can gather information about you, your interest, and your life assisting bad guys in creating an online portfolio of user information.