Equifax Settlement after Massive Data Breach

An Equifax settlement has finally been reached – nearly two years after their massive data breach. The company has agreed to a global settlement with the Federal Trade Commission and the Consumer Financial Protection Bureau. The settlement includes a Consumer Restitution Fund totaling up to $425 million to help people affected by the data breach and another $175 million going to all 50 U.S. states and territories.

Padlock with Identity Theft Theme
Nearly 148 Million Records Exposed!

TOTAL INEPTNESS

It was in September of 2017 that Equifax, one of the largest consumer reporting agencies in the world, suffered a data breach that affected roughly 148 million consumers – nearly half the U.S. population.

Equifax’s failure to maintain and update their security system is what caused this preventable breach. Despite knowing about a critical vulnerability in its software, Equifax failed to fully patch its systems. The breach went unnoticed for 76 days.

This epic breach enabled hackers to penetrate Equifax’s systems and exposed the private data of 56% of American adults. Breached information included Social Security numbers, names, addresses, birthdates, credit card numbers and some driver’s license numbers too.  It was, and still is, the largest and most damaging breach of highly sensitive consumer data.

RESTITUTION FUND – JUST A MERE $2.87 – PER VICTIM!
Equifax Settlement
Barely A Slap On The Wrist!

The Equifax Settlement includes a Consumer Restitution Fund totaling up to $425 million that will go to consumers who can demonstrate that they were financially harmed by the breach.  $300 million is dedicated to addressing consumer redress. However, if the $300 million is exhausted, the fund can increase by up to an additional $125 million. The company must also offer up to 10 years of credit monitoring services to those affected by the breach. If you don’t want the credit monitoring service, you may be able to opt for a $125 cash payment, unless they run out of funds. You can’t get both!

Furthermore, Equifax has agreed to take several additional steps to assist consumers who are either facing ID Theft issues, or who have already had their identities stolen. It includes making it easier for consumers to freeze and thaw their credit and making it easier for consumers to dispute inaccurate information contained in their credit reports.

Additionally, the Equifax settlement requires the company to maintain sufficient staff dedicated to assisting consumers who may be victims of identity theft. For at least seven years, Equifax will provide free assistance to victims via their Identity Restoration Services. In other words, if you discover there was misuse of your personal information, call the settlement administrator at 1-833-759-2982 and you will be given instructions for how to access Equifax’s free Identity Restoration Services.

WHAT DO I NEED TO DO NOW?

Equifax is offering FREE Credit Reports for ALL U.S. Consumers. Starting in January 2020, all U.S. consumers can get 6 free credit reports per year for 7 years from the Equifax website. That is in addition to the mandatory free credit report everyone is entitled to each year from each of the three credit bureaus that you get from going to www.AnnualCreditReport.com

To find out if you were one of the over 147 million victims of Equifax’s data breach and an eligible class member, call 1-833-759-2982 or you can click here

*NOTE: If you wish to file a claim, you must file your claim by January 22, 2020.

Visit the Federal Trade Commission’s website for info on How to File a Claim

Read a previous article I wrote about the Equifax Breach to learn how it all came about. And Here for Part Two of that article.

PUBLIC WIFI IS NOTORIOUSLY RISKY

Public WiFi is Notoriously Risky!

If you intend to bring your internet devices with you when you travel, you must consider the inherent dangers of Public WiFi.

Public Wi-Fi Is Not Safe
Public Wi-Fi You Must Protect Your Data

Pubic WiFi is Not a Private Secure Internet Connection

Therefore anyone can access the network and anyone can eavesdrop on what’s being transmitted via Public WiFi. People tend to let their guard down while traveling. Security is put on the back burner and we tend to do things that increase our chances of getting hacked.

According to a survey conducted by Morning Consult for IBM Security, 70% of travelers take unnecessary risks while on the road. They connect to public WiFi, charge a device on a public USB station, or enable auto-connect on their wireless devices.

Hackers Set Up Fake Public WiFi Hot Spots

A skilled Hacker will typically give their fake WiFi Network a name that’s similar to an authentic connection. If it’s a hotel, they will choose a name with the hotel’s name in it or if it’s the airport, they will choose a network name that includes the airport’s name or the name of the airlines. The same goes for coffee shops or other internet hubs.

If you are inadvertently fooled by a hacker’s fake WiFi Network, you’re now giving that network permission to start taking data off your device. Furthermore, if your device is set to auto-connect, you might be leaking your personal data and not even know it.

You can’t eliminate all digital threats when you’re on vacation, but you can significantly reduce your chances of having a problem by following these tips.

TIPS TO KEEP YOU SAFE

  • Any device you use, outside your own home network, including your smartphone, laptop or tablet should have a VPN (Virtual Private Network) installed. A VPN encrypts the data leaving your device.
  • Before turning the VPN on, be sure to shut off WiFi and close all apps. After connecting to Wi-Fi, via your VPN, it’s safe to open up any app.
  • Never have your devices set to auto-connect. If your device automatically connects to a free WiFi Hotspot, your device is vulnerable to hacking.
  • Keep the WiFi on your smartphone turned off until you need it. Cellphone data is encrypted when it travels via your phone’s mobile network.
  • Never bring your business laptop with you when on vacation. Bring a spare one that has no corporate data on it. If you need to access corporate data or your company email, do it through the cloud.

Remember, we’re more vulnerable to digital security intrusions when we travel. Don’t opt for convenience over security.

Here is the link to the IBM Survey

Read a previous article of mine about how to keep your online data safe

 

VOICE ACTIVATED ASSISTANTS

VOICE ACTIVATED ASSISTANTS POSE PRIVACY CONCERNS

Voice Activated Assistants, aka Digital Assistants, like “Alexa” and “OK Google” have become very popular. Over 20 million homes already have a voice activated assistant installed in their homes.

These digital assistants may be the latest rave in cool technology, but the devices have created new privacy concerns and security vulnerabilities. They could potentially expose personal data like your bank account info and your contact list. So, while it may be fun to own one, be aware that voice activated assistants pose a risk, if a cyber-criminal is able to hack into it.

The digital security firm Symantec released a report about voice activated assistants. The report states that “The range of activities that can be carried out by these speakers, means that a hacker or even a mischief-minded friend could create havoc, if they were able to gain access”.

Voice Activated Assistants
THEY’RE LISTENING!

WHY? IT’S ALWAYS LISTENING!

The user must first use a wake-up command such as “Alexa” or “OK Google” to activate the digital assistant. Therefore, the device must always be listening, waiting to be activated by that command. This can cause unintentional or accidental triggering. Even a radio, TV or streaming video, playing in the background, might inadvertently set it off.

Once the device is awake, it will record what is said and then sends that recording to a server, where it is stored. However, you do have the option to listen back to these recordings and delete them if you wish.

Symantec’s threat researcher sees a potential danger from these ‘always listening’ digital assistants. He states, “Someone could hack into these devices remotely and then turn them into a listening device”. “Some of them even come with cameras, so they can also see what you are doing”.

Pam Dixon, executive director of the World Privacy Forum, cautions against allowing your digital assistants to store passwords, your contact info or credit card data. Additional dangers include the fact that the device may come with a purchasing option, which is usually turned ON by default. You should set a security PIN or disable the feature.

CRIMINALS CAN TAKE CONTROL

Voice Activated Assistants are designed to be hubs that can control other devices or appliances in your home. These other external devices are referred to as the “Internet of Things” (IoT). Gadgets like lights, cameras, thermostats, coffee makers, alarm systems and door locks are all part of the Internet of Things.

Be aware that the convenience of these IoTs, may create new vulnerabilities. For example: if you connect your door locks or alarm system to your digital hub, then a burglar could command your digital assistant to “open the door and turn off the alarm”.  Additionally, any device connected to the internet is vulnerable to Malware. Always be sure to change the default password and assign a stealth password to each of them.

TIPS TO KEEP YOU SAFE

  • Be careful which accounts you connect. Don’t connect things you don’t need to use, like your address book or calendar.
  • Always use long strong passwords and enable 2-step authentication if it’s available. Remember that anyone with access to your account can listen in remotely, play back recordings, change settings and access personal information.
  • Be sure that your voice activated assistant is linked to your private home or office Wi-Fi network. Password protect your Router.
  • Devices made by Amazon and Google both offer voice recognition, so use that feature. But realize it’s not foolproof.
  • Remember to put the device on Mute when you go on vacation.

To learn more about the danger posed by these gadgets, read my prior article about the Internet of Things.

DARK WEB MONITORING

Dark Web Monitoring – Is It Worth The Cost?

Consumers are coughing up anywhere from $10 to $30 per month for identity theft protection. Credit monitoring companies usually include dark web monitoring to their list of services. But is dark web monitoring really worth its salt? Consumers are under the false assumption that they can rely on these credit monitoring companies to keep them protected. THEY CAN’T!

Results of a recent survey by Consumer Federation of America (CFA)

~ 36% of those who’d seen ads for dark web monitoring incorrectly believed identity theft services can remove their personal info from the dark web.

~ 37% mistakenly believe dark web monitoring services will prevent stolen information, sold on the dark web, from being used.

Dark Web Monitoring

What is the Dark Web?

It is the go-to place on the internet where criminals buy and sell stolen personal information. Well known, commonly used internet browsers such as Google Chrome, Firefox or Mozilla won’t get you there. You need a special browser such as Tor. Most of this stolen information is gleaned from criminals that hack into compromised businesses and personal computers. Here’s what these nefarious actors are after: social security numbers, credit card info, usernames & passwords, bank account info, medical info, birth dates, email addresses, names, addresses, phone numbers, etc., etc.

REALITY CHECK!

No one can erase any of the stolen data that ends up on the dark web. No one can prevent your stolen data from being sold or used. Therefore, credit monitoring companies are only able to ‘alert’ you (after the fact) once they discover that your personal info is up for sale on the dark web.

If you’re wondering whether or not your personal info is on the dark web, the answer is YES, of course it is. You don’t need to pay a credit monitoring service to learn that! Hackers stole nearly a half a billion records in 2018 alone!

The Equifax data breach exposed the social security numbers, birth dates and other personal info of 148 million Americans. About 6.4 million records are reported stolen every day. If you’re still not convinced, and want to see the raw data, go here for real time data breach statistics.

Odds are very high that your info has already been bought and sold to numerous criminals on the dark web. You can’t change your social security number or date of birth. With so much of everyone’s info already compromised, individuals must do everything they can to make it more difficult for criminals to use that stolen data.

Does Dark Web Monitoring Have Any Value?

Security experts say dark web monitoring is just a scare tactic used by credit monitoring companies. Fear of the unknown motivates people. Neal O’Farrell, executive director of the Identity Theft Council  says it’s all really “just a smoke and mirrors deal” created by credit monitoring services to justify the monthly fee. O’Farrell states “They keep adding on these extra services that are truly valueless and don’t go to the cause of the problem”.

6 Important Things To Protect Yourself

1.) Check your credit report regularly with all 3 credit bureaus. By law you are entitled to a free annual report from Equifax, Trans Union and Experian. All three companies must provide a free credit report to you, upon request. So, NO EXCUSES – It’s FREE!  Stagger your requests throughout the year by requesting one credit report from one company, three different months during the year.

2.) Place a “Freeze” on your credit file with all three credit bureaus. There is no cost to freeze your credit. So, again, no excuses! Placing a credit freeze prevents a fraudster from obtaining credit in your name. A credit freeze is much more secure than the credit monitoring packages being sold by the credit bureaus and other credit monitoring companies such as LifeLock. Also, don’t let the credit bureaus try to talk you into placing a “Credit Lock” instead of a Credit Freeze”. Credit Locks do not have the same consumer protections that a Credit Freeze provides.

3.) Use two-factor authentication as a secondary firewall to prevent criminals from impersonating you. Also referred to as “2FA” – Two-Factor Authentication is an extra layer of security that requires not only a username and password, but also something that the user has on them like an email address or a cellphone that a code can be sent to. This proves that you are who you claim to be before you can obtain full access to your account.

4.) Use stealth and long passwords (at least 12 or more characters) that are hard to crack. The best passwords are phrases mixed in with symbols, numbers and upper & lower case letters. Don’t use obvious things like, mother’s maiden name, birth dates, addresses, phone numbers or any info that can be gleaned from your social media account. NEVER use the same password for other log-ins. Why? If your password is compromised, a criminal will try using that password to log-in to other websites, like banks, PayPal, Amazon and other commonly frequented websites. Also, be sure to change passwords every so often, especially if you learn of a data breach that affects a website or an account you have with a company.

5.) Monitor your accounts whenever your bank and credit card statements arrive. Be sure to also check your Explanation of Benefits for medical services. Correct any errors you find and report any discrepancies.

6.) Keep your software updated and back up your data. Whenever there is an update available for your software programs, be sure to follow through and perform a timely update. Better yet, set your programs to update automatically. Make a habit of backing up your important files on a regular basis. Back up all files that you wouldn’t want to lose if your computer ever crashed.

There’s no 100% guarantee that following these steps will fully protect you from becoming a victim of identity theft, but it will certainly lower your chances.  Awareness and constant vigilance is paramount in this game of cat and mouse.

You can read a prior article I wrote about Credit Freezes here

INTERNET OF THINGS TICKING TIME BOMB

THE INTERNET OF THINGS – Could Be A Ticking Time Bomb

The “Internet of Things” is a term that describes any gadget, gizmo or tech equipment that is connected wirelessly and controlled over the internet. Some examples of the connected devices that make up the internet of things are webcams, refrigerators, smart TVs, thermostats, copiers, medical devices, automobiles, alarm systems, baby monitors, fitness bands, computers, modems, routers, digital recorders, etc.  For purposes of this article, I will refer to them as “IOT” devices.

Presently, the estimated number of IOT devices is approaching around 5 billion devices. That number is expected to rise to 25 billion by 2020. A study by HP Security Research concluded that 70% of the most commonly used IOT devices had serious security flaws. 90% of these IOT devices were using unencrypted network service and 70% were vulnerable through weak passwords.

Internet of Things
Change the username & passwords on these gadgets

THIS POSES A VERY BIG PROBLEM!

The security flaws common in so many of these contraptions allow any skilled hacker to easily take control of one or more of these devices. Therefore, hackers are constantly searching the web trying to break into one of these IOT devices. Once a hacker gains control of one of these devices, the hacker can then gain access to the other connected devices – that are also connected to your Wi-Fi network.

Many of these devices are really only unsecure because the user doesn’t bother to change the assigned factory settings. They forget or neglect to change the username and password when they connect the device to their home Wi-Fi network. Hackers know the factory default passwords assigned to these devices.

So, if the user doesn’t change the default settings to something long and complex, then that device will be an open invitation to any hacker. Consumers are usually unaware of this and may not know how to even begin to secure these poorly-secured IOT devices. Furthermore, it is often up to the consumer to check to see if the manufacturer has a firmware update available for them to download.

Worse yet, there is no current security standard required of the manufacturers of these devices. Additionally, a lot of these devices are designed and manufactured in foreign countries that really don’t care about security vulnerabilities.

The FTC is starting to take this problem seriously and urging businesses to build better security into their IOT devices. They are also preparing to regulate IOT devices in an effort to protect consumer’s privacy and security.  They specifically want to start by regulating automobiles and mobile-payment methods such as Apple Pay.

TIPS TO HELP PROTECT YOURSELF

  • Don’t store personal information on any device – including your real name.
  • Change the default username and passwords on all of your home network devices.
  • Periodically check the manufacturer’s website to see if a firmware update is available.
  • Use a different complex password for each one of your devices, so that if one device gets hacked, your other devices will not be jeopardized.
  • Use anti-virus and anti-malware software on your home computer network and set them to automatically download any new updates.
  • Keep your smartphone protected – it is the gateway to your car’s connectivity and many other IOT devices. Be sure your smartphone is password protected and has anti-virus and anti-malware installed on it.

For more in depth information about the internet of things, Brian Krebs of Krebs on Security, has an excellent article about this topic. Here’s the link to it:  https://krebsonsecurity.com/2018/01/some-basic-rules-for-securing-your-iot-stuff/

ALSO, be sure to read a previous article I wrote about Router Security

EQUIFAX BREACH AFTERMATH

Aftermath of the Equifax Breach    (PART TWO)

It’s barely been a year since the Equifax Breach became one of the largest data breaches in U.S. history. Equifax’s gross negligence resulted in hackers stealing the social security numbers and other sensitive information of 148 million Americans.

Equifax Breach
Guard your identity with everything you’ve got

As a result of the Equifax breach, the company offered one full year of free credit monitoring. Knowing this, criminals are just biding their time, waiting for the year to expire. They know that once the free credit monitoring expires, the public will feel safe again. They expect consumers  will become more lax about protecting and monitoring their personal information. This would be a big mistake for consumers. Since you can’t change your SS#, you must remain ever vigilant.

YOUR DATA WAS ALREADY OUT THERE!

News Flash! Although the Equifax breach was massive, much of the consumer data exposed in that breach was already available to criminals. The majority of American’s most sensitive personal data has already been compromised for several years. It is then sold on the cyber-underground to the highest bidder. If you have any doubt, realize there were 1579 separate data breaches in 2017 alone. Millions of records are exposed in those breaches.

Therefore, even if you were not a party to the Equifax breach, you need to assume that your personal info is already out there for sale. So you need to continue to protect your data for the rest of your life. One of the best ways to protect yourself is to place a freeze on your credit file.

 

EEquifax Breach Credit Freeze
Credit Freezes keep the bad guys out!

Credit Freezes – will soon be FREE

Starting September 21, 2018 you can place, temporarily lift, or remove a Credit Freeze for FREE.  Because each person has their own credit file, each individual should lock down their credit report by placing a freeze on their file.

Once the freeze is in place, only you, (the person who placed the freeze), can view your credit file. Everyone else would be locked out, unless you choose to grant them access to it. Access to your credit file is granted by either placing a temporary lift or by removing the freeze.

According to the U.S. Federal Trade Commission, all three credit bureaus must set up a web page to assist consumers with placing a credit freeze.

A WORD OF CAUTION!

Once you begin the process of freezing your credit, you may be enticed to place a Credit “Lock” instead of a Credit “Freeze”. Do NOT be fooled into placing a Credit “Lock”. These are being pushed as an alternative to a Credit “Freeze” by all 3 credit bureaus. Credit Locks do not offer the same legal protections to consumers as a Credit Freeze. So, don’t be fooled!

You should also be sure to place a credit freeze for your minor children. Child ID theft is a criminal’s dream. The theft of a child’s identity is usually not discovered until years later. By that time, the damage is done, and the thief is long gone.

Additionally, all 3 credit bureaus are now required to offer FREE electronic credit monitoring services to all active duty personnel.

CONTINUE TO MONITOR REPORTS

As a habit, consumers should obtain a free credit report from each of the 3 credit bureaus by visiting www.annualcreditreport.com  This is the only federally authorized website to get your free credit report. Each of the credit bureaus must provide consumers with a free credit report, once a year. The smartest way to accomplish this is to stagger your requests during the year.

Here’s How:

In January, go to the website and request only one free report from Equifax. Then again in May, request one free report from Trans Union. Lastly in September, request your free report from Experian. This method gives you the opportunity to review your credit report for free over the entire year.

THAT’S NOT ALL FOLKS

To further protect yourself, it’s also important to request a report, monitor or lock down four other lesser-known consumer reporting agencies such as:

ChexSystems: provides account verification services for banks & financial institutions.

Innnovis: provides ID verification data to assist with fraud detection and prevention.

(NCTUE) National Consumer Telecommunications & Utilities Exchange.  NCTUE is a credit checking clearinghouse used by mobile phone providers and utility companies.

Lexis-Nexis: Collects info from public records & data sources such as real estate ownership, liens, judgments, bankruptcies.

 

NEVER HEARD OF THEM

There are dozens of other companies you never heard of that provide consumer reports to specific industries. The Consumer Financial Protection Bureau (CFPB) produced a list of all the known entities that maintain, sell and share tons of data on U.S. citizens. The link to the pdf document is here

The pdf document provides information and the links to the websites of 46 different entities. It also provides information about your legal rights to obtain the data in your reports and dispute any inaccuracies contained in them.

Remember that your data is only as safe as the companies and organizations that are tasked to protect that data. The vast majority of them are doing an abysmal job. So, it is up to you to protect your data and to remain vigilant at all times.

ONE MORE REASON

If I haven’t yet convinced you to freeze your credit file, here’s one more reason to do so. All 3 credit bureaus make a nice profit from selling copies of your file to others. Thus, freezing your credit file will deny them a steady revenue stream. Why should they be allowed to profit from selling your personal info; especially when they do such a lousy job at protecting it. What a perfect way to hit them where it hurts – their corporate bottom line!

You can learn more about credit freezes by reading a prior article of mine HERE

EQUIFAX DATA BREACH – 1 YEAR ANNIVERSARY

Equifax Data Breach – one year later     (PART ONE)

It’s been about a year since the Equifax Data Breach was announced. It was one of the largest data breaches in U.S. history. Their negligence resulted in hackers stealing the social security numbers and other sensitive information of 148 million Americans. What has happened since?

Equifax Data Breach
GUARD YOUR NUMBER

Equifax is one of three major credit reporting agencies. Their data files contain highly sensitive information on millions of us. Any company responsible for collecting sensitive data should be required to take any and all precautions necessary to protect that information from criminals. The Equifax data breach proved that they failed miserably! As with so many prior breaches, this one was entirely preventable.

The scope of this massive breach should have shocked Washington to enact sweeping reforms. You would think that if the social security numbers of over half the adult population of the U.S. were exposed, that Congress would take appropriate action to fix the problem. So what did Congress do to punish Equifax and protect its citizens from future calamities?

Well – One year later, not much has changed

At first, there were Congressional hearings where discussions focused on setting new Federal standards for how companies like Equifax secure data.

Investigators looking into how the breach occurred discussed imposing a penalty for Equifax’s failure to timely patch the vulnerability hackers exploited to steal their data.

A national breach notification law was discussed that would require a time frame wherein companies must notify the public once personal info is stolen from a data breach.

BOTH BILLS PETERED OUT! 

Why? “Regulation is tough in this political climate,” said Tom Gann, the chief public policy officer at McAfee.  Congress was too busy focusing on another more pressing cyber-security issue – Russian interference in our elections. Congress can’t seem to focus on more than one cyber-security issue at a time.

Equifax Data Breach
Are You Angry Yet?

The government’s Consumer Financial Protection Bureau (CFPB) recently reported that the Equifax investigation is ongoing.

Michelle Richardson, director of the Privacy and Data Project at the Center for Democracy and Technology (CDT) says she is still optimistic about Equifax-type legislation in the new Congress.

ON THE BRIGHT SIDE

States like New York and California have since put their own protection regulations in place and 48 State Attorneys General are investigating the firm. Equifax also faces more than 240 class action lawsuits.

The FTC is also examining the Equifax data breach, which may result in Equifax facing large financial penalties. In a prior 2012 settlement with the FTC, Equifax was slapped with a $393,000 penalty.

Additionally, the Equifax breach did at least cause a spike in the number of financial firms that have since beefed up their investment in better cybersecurity.

You can read my original article about the Equifax Data Breach here

In PART TWO of my article, I will give you tips on things you can do to protect yourself. So stay tuned…

FBI Warns of Router Vulnerabilities

Router Vulnerabilities

The FBI is sounding the alarm and giving an official warning about router vulnerabilities. Apparently, foreign hackers are using a type of malware called “VPN-Filter” to target routers around the world. These router security vulnerabilities were present in many of the most popular router brands.

Your router is often one of the most overlooked of all your computer devices. Realize that hackers can and often do break in to a router, just as easily as any other device on your computer.

Router Vulnerabilitles
Check for updates every 90 days

 

SO WHAT IS A ROUTER ANYWAY?

A router is defined as a hardware networking device that routes data from one computer network connection to another, on the internet. It performs traffic directing functions that allow authorized machines to connect to other computer systems. They are in essence electronic devices that join multiple computer networks together.

If your router becomes compromised, the security of all the devices that utilize that router, are in jeopardy. Once infected, Malware causes the router to block all network communications, thus rendering your router inoperable.

ADVICE FROM THE F.B.I.

According to the FBI, this Malware is difficult to detect and defend against. Therefore, the FBI is recommending that owners of home offices and small office routers should immediately reboot their routers. By doing so, it can disrupt this newly discovered Malware. The FBI is also recommending that, if you have not already done so, immediately change the “default” password and choose a new strong and long password.

Lastly, the FBI is also advising everyone to upgrade to the latest version of their router’s firmware.  Unfortunately, the companies that produce routers don’t automatically notify you when an update is available. So, it is up to you to look for them and download them yourself.

In order to do so, you need to use your internet browser to log into your router, using your router’s IP address. By default, most router manufacturers use 192.168.0.1 or 192.168.1.1 as the IP address.

Alternatively, using Windows 10 you can find your IP address by going to your Settings and choose the Network and Internet icon. Next choose Ethernet and click on your network. Then scroll down to Properties to find it.

It is recommended that you check for updates every 90 days. Below are the links to more information for updating the most popular brands of routers.

Apple:   https://support.apple.com/en-us/HT201519

Asus:  https://www.asus.com/microsite/2014/networks/routerfirmware_update/

D-Link:  http://support.dlink.com/

Linksys:  https://www.linksys.com/us/support-article?articleNum=135561

Netgear https://kb.netgear.com/23442/How-do-I-update-my-NETGEAR-router-firmware-using-the-Check-button-in-the-router-s-web-interface

SCAN YOUR ROUTER FOR ANY BREAK-INS

Using the link below will enable you to check your router for any break-ins.  It is a safe and free service that is specially designed to scan your router to make sure there are no hackers lurking in your router.

Here is the link:

https://www.f-secure.com/en_US/web/home_us/router-checker

Just click the “Check Your Router” icon and you’ll receive an instantaneous report.

EVERY YAHOO CUSTOMER HIT BY 2013 BREACH

Way back in 2013, Yahoo had 3 Billion customers worldwide – who had a user-account with them. ALSO – way back in the month of August 2013, every single Yahoo customer was affected by a historical data breach. Yes, EVERY SINGLE Yahoo customer was affected in that 2013 breach, totaling 3 Billion accounts!

Every Yahoo Customer
DO YOU YAHOO?

Additionally, Yahoo was hit by another breach in 2014, which they said affected around 500 million of its customers. This breach is believed to be a separate incident from the 2013 breach. In March of this year, the Dept. of Justice indicted four people in connection with the 2014 breach – two Russian spies and two hackers.

It is unclear who was behind the 2013 breach, but the stolen data was up for sale on the dark web shortly afterwards. The dark web is an underground murky network, only accessible through special software, where criminals buy and sell their stolen data.

The compromised information included names, emails, phone numbers, birth dates, encrypted (hashed) passwords, security questions and the answers to those security questions. The stolen passwords were hashed, which is a form of encryption. It will therefore, be more difficult for crooks to crack them.

Although no financial information was stolen from every Yahoo customer, the info that was stolen is more than enough data for any criminal to use, for purposes of identity theft AND account takeover. 

Yahoo will be sending out notices to the additional affected accounts. Following their prior hacking revelation, Yahoo required password changes and invalidated un-encrypted security questions, in order to protect user info.

WHAT CAN YOU DO ABOUT IT? 
  • ALWAYS use unique passwords for each of your accounts. It is never a good idea to reuse the same passwords. Also, change your passwords periodically.
  • Make your passwords long, complex and hard to crack. Use sentences or phrases. Mix it up with numbers, symbols and upper & lower case letters.
  • Use two-factor authentication on all your important accounts. A code will be sent to your phone or email before you can successfully login to your account.
  • Beware of fake targeted emails that claim to be from Yahoo. These fake emails appear to be legitimate and will contain links and/or attachments designed to lure you into clicking on or opening them up. You’ll end up infecting your computer if you do!
  • Information you post on social media, coupled with what’s available via pubic records, makes it easier than ever for crooks to guess your security questions. So, use nonsensical answers to security questions instead of the actual real correct answer. For Example: Question: Mother’s maiden name – Answer: Pizza. Be absolutely sure to keep a record of those nonsensical answers you used, you may need them for future reference.