CLEVELAND, Ohio – Recycling paper, bottles and cans is good. Recycling computer passwords is not.
The fact that so many people use identical usernames and passwords for multiple websites has led to an explosion of hacking incidents over the past decade, in which criminals take username and password combinations collected from one website and test them other websites to see if they unlock anything the hackers can use for financial gain.
Akron-based FirstEnergy is the latest company to report suspicious activity involving “numerous attempts to log into customer accounts” using credentials obtained from a source outside of the company. The company announced Sunday that it disabled six million customers’ online accounts and told them to reset their passwords. Other big companies that have reported mass hackings in recent years include Capital One bank, Target, LinkedIn, and Myspace.
Brian E. Ray, who heads the Center for Cybersecurity and Privacy Protection at Cleveland Marshall College of Law says large hacks of customer data from the internet have escalated in the past four or five years, with ransomware as the latest wrinkle in the evolving cat-and-mouse game of fighting cybercrime.
“The good guys are constantly trying to keep up with the methods and the bad guys are constantly innovating and shifting their techniques,” says Ray. “The more connected we are, the more we put online, the bigger the surface area becomes and the harder it is to protect it all.”
FirstEnergy says the vast majority of the attempts to log into customer accounts were unsuccessful. Company spokesperson Jennifer Young says that easily abused customer information like complete bank account or credit card numbers aren’t available through the company’s online account access.
“There was and is no threat or impact to electric service…