Lessons from Recent High-Profile Security Breaches for Protecting Your Bank Accounts

Gawker Media, McDonald's and Walgreens have recently been hit by hackers. No financial data should be at risk, but there are some things to learn from these incidents to help protect your bank accounts.

Protecting Passwords

Gawker Media reported that their servers were compromised, resulting in a security breach at sites like Lifehacker and Gizmodo. The user names and passwords of registered users were leaked. The passwords were encrypted, but they're still vulnerable to hackers. Registered users have been advised to change their passwords at both the Gawker Media sites and any other sites in which the same passwords were used.

One important thing to note regarding this Gawker Media incident is to avoid sharing passwords. At the very least you should have unique passwords at each of your financial institutions.

Another thing to help avoid problems is to keep ensure you use strong passwords. Once hackers get hold of a list of encrypted passwords, they can apply programs to the lists to try to uncover the passwords. Dictionary words are easy to break. Mixing capital letters, small case letters, numbers and special characters into your passwords can make it tougher for hackers.

Protecting Email Addresses

At McDonald's and Walgreens email addresses used in email lists were compromised.

McDonald's described the security breach on its website. Here's an excerpt:

Recently McDonald’s was informed by one of its partners that limited customer information collected in connection with our promotions or websites was improperly accessed by a third party. Limited customer information such as name, address, phone number, birth date and gender was included in the information that was accessed. It is important to note that this incident has nothing to do with credit card use at the restaurants. The database did not contain any credit card information or any other financial information.

Walgreens sent emails last Friday to its email subscribers informing them of the unauthorized access of email addresses. Here's an excerpt from Walgreens' email:

We recently became aware of unauthorized access to an email list of customers who receive special offers and newsletters from us. As a result, it is possible you may have received some spam email messages asking you to go to another site and enter personal data.

The main risk of these incidents is that hackers could use these email addresses and other information to trick you into giving out your personal info. This can be avoided if you don't click on links or open attachments in emails from questionable sources.

Another risk is that these email addresses will be used by spammers. There have been past allegations that banks have leaked email addresses of their customers, and these were used by spammers. Back in 2006 several readers made allegations that EmigrantDirect leaked customers' email addresses. These readers created unique email addresses that were used only for EmigrantDirect. When they received spam to these addresses, they were able to pinpoint the source of the spam. Some have suggested this might be due to spammers just mass mailing to random addresses or spammers picking up addresses as the messages are transmitted across the web. However, readers reported this has only occurred with their Emigrant email and not others, so it appeared that the problem was with Emigrant.

Giving Out Your Email Address

These incidents show why it's a good idea to create disposable addresses or unique email addresses when you give your email address to any website. This also includes bank applications. Many of the popular email services allow this.

Yahoo email allows you to create disposable addresses. Emails sent to the disposable address will go to your regular email address. Not only will the "to" address be the disposable address, Yahoo gives them a special mark in the email summary. If one of these disposable addresses become a target of spam, you can delete the address.

Google gmail allows you to make an email alias by adding "+alias" to your email address. For example, if you're applying at MyBank, you could give them the email address of john.doe+mybank@gmail.com. If anyone besides MyBank sends you email to this address, you'll know that email addresses at MyBank may have been compromised. You can then set up filters to automatically direct these messages to Trash.