“Somewhere in Russia, a man calls for a car. Somewhere in New York City, a stranger’s phone buzzes.”
Imagine waking up one day to discover that someone in a foreign country was using your account to rack up charges. Many of us don’t have to imagine that unpleasant scenario, we’ve lived it.
That’s exactly what happened to Gimlet Media founder and frequent Reply All guest Alex Blumberg. When Blumberg discovered that someone was using his Uber account for rides in Russia, he initially assumed it would be a relatively easy problem to fix. But after Uber vigorously and repeatedly denied that any security breach had occurred on their end,he soon found himself deep inside the internet password black market.
His story is the subject of the latest Reply All episode, The Russian Passenger. The full podcast is below for those interested, and we’ll break down some key takeaways below to help you avoid the same fate.
The Big Takeaways
Hacks Can Be Years in the Making: Major hacks routinely happen, with millions of emails and passwords making their way to the dark web, often years before the public is aware the hack occurred.
In 2013 MySpace was hacked, but it wasn’t until 2016 that the emails and passwords were released. Similarly, it took four years for hackers to begin selling the passwords from the major LinkedIn hack of 2012.
Just because you’re not aware of a hack that may have revealed your information, it doesn’t mean it’s not out there. This brings us to our second big takeaway.
Don’t, Don’t, Don’t Use the Same Password: To return to the story that kicked off this discussion, in Alex’s case, it’s likely that his email and password were part of some previous release, and then hackers ran that login through a number of popular sites looking for matches.
Hackers do not need to hack Uber in order to gain access to an Uber account. They can simply obtain your information from anywhere, and if you reuse your password across multiple sites (Uber being one of them), they can access each of those sites.
“Password reuse is the main threat to ordinary users of the internet.” – Internet security journalist, and Reply All guest, Joseph Cox
So please, do not use the same password for more than one account. If you can do one thing to help protect yourself online, that’s it. And yes, all those different passwords means you’ll need a password manager, but we genuinely hope that doesn’t come across as self-serving. We invented RoboForm because we saw an opportunity to help people safely navigate what can sometimes feel like an increasingly hostile internet; and it’s good to hear Reply All carry out the same mission.