The hacking group Legion appears to be going after high-profile targets, in a campaign similar to the one run by OurMine. Legion does not seem to be as sophisticated as OurMine: rather than deliberately finding ways into marks of interest, it picks targets out of already compromised data. There are some elementary precautions you can take to protect yourself against groups such as Legion.
One of the OurMine takedowns compromised Mark Zuckerberg’s Twitter and Pinterest accounts in one go. Zuckerberg apparently used “dadada” as the password on both, even though he is careful enough to physically put tape over the webcam of his laptop. Being paranoid is a good idea when it comes to information security, and every additional measure helps, even a bit of tape. The main takeaway from that attack is to use a different password for every account: once one service leaks, a reused password opens every other account that shares it.
The passwords leaked in the Vijay Mallya hack showed that he had taken this precaution to a certain extent: a handful of base strings were used, with variations added on top. But anyone who has the base strings and the pattern of variations can guess the passwords for accounts that were not in the dump. Cycle the passwords on critical accounts regularly, and do not share passwords across services. Variations of a base word are easy to remember, but completely unrelated random alphanumeric strings are far more secure.
Keeping track of multiple usernames and passwords can be daunting; a password manager such as LastPass is far better than saving your passwords in a notepad file in your email inbox. Its mobile application, available on iOS and Android, stores passwords behind the device’s fingerprint scanner. Writing your passwords down on a sheet of paper is a common mistake; listing all your usernames and passwords on a single sheet is worse.
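To put numbers on the two points above, here is an added Python example that is not part of the original article. It expands a base word through a small, constructed set of mangling rules of the kind a targeted guesser applies to leaked base strings, and compares the size of that candidate list with the keyspace of a random alphanumeric password of the kind a password manager generates. The rule set is an illustration written for this page, not any particular cracking tool’s rule file.

```python
import math
import secrets
import string

# Constructed, deliberately small mangling rules: case changes, a few
# leet substitutions and common suffixes. Real rule sets are far larger,
# so these counts are a lower bound on what a guesser actually tries.
LEET = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"}
SUFFIXES = ["", "1", "123", "!", "2016", "2017"]


def mangle(base: str) -> list[str]:
    """Return the variants of `base` an attacker would guess first."""
    cases = {base, base.lower(), base.capitalize(), base.upper()}
    leet = {"".join(LEET.get(c, c) for c in w) for w in cases}
    return sorted(w + s for w in cases | leet for s in SUFFIXES)


def guesses_from_base(base: str) -> int:
    """Number of guesses needed to cover every variant of one base string."""
    return len(mangle(base))


def bits_of_variant_list(base: str) -> float:
    """Entropy a derived password really has once its base string is known."""
    return math.log2(guesses_from_base(base))


def random_password(length: int = 16,
                    alphabet: str = string.ascii_letters + string.digits) -> str:
    """Generate an unrelated password with the CSPRNG-backed `secrets` module."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def keyspace_bits(length: int = 16, alphabet_size: int = 62) -> float:
    """Entropy in bits of a uniformly random password of this shape."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    base = "tiger"  # constructed sample base string
    print(f"{base!r}: {guesses_from_base(base)} variants, "
          f"about {bits_of_variant_list(base):.1f} bits once the base leaks")
    print(f"random 16-char alphanumeric: {keyspace_bits():.1f} bits, "
          f"e.g. {random_password()}")
```

Even with this tiny rule set, a derived password is covered in a few dozen guesses once the base leaks, while a 16-character random string has about 95 bits of entropy; that is the gap between “a variation I can remember” and “a string only the manager knows”.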
Cycling passwords regularly limits the damage from compromised dumps, since a leaked password stops working soon after it leaks. If a service offers two-factor authentication, activate it to prevent hostile takeovers: even with the password in hand, an attacker still needs the second factor. Most popular email, social networking and content distribution platforms support two-factor authentication. Another attack vector is the secret questions set at account creation. Do not key in the true answers, since someone who knows you personally can guess or look them up. Instead pick obscure questions and use hard-to-guess answers, treating them as extra passwords, so that even a known person cannot take over your account. Guessing secret-question answers is a common way accounts are compromised.
It is a good idea to check whether any of your accounts have already been compromised. Have I Been Pwned (haveibeenpwned.com) lets users check whether their email addresses or usernames appear in any of the large, well-known data dumps: collections of login credentials harvested from compromised third-party sites.
The site tells you which dump your credentials appear in, so you can take steps to safeguard that account, and notes which details were exposed in that particular breach. Users can also sign up to be alerted when their accounts turn up in future breaches. Checking the site periodically is a good way to keep your accounts safe.
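Have I Been Pwned also publishes the Pwned Passwords range API, which lets you check a password itself against the same dumps without sending the password, or even its full hash, to the service. The added Python example below (written for this page, not the site’s own code) implements that k-anonymity lookup: it hashes the password with SHA-1, sends only the first five hex characters, and matches the remaining 35 locally. The endpoint URL and the “SUFFIX:COUNT” response format are the published ones; the range body used in the offline demo is a constructed fragment, and the User-Agent string is made up.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"
USER_AGENT = "example-password-check/1.0"   # made-up value; the API wants some UA


def sha1_prefix_suffix(password: str) -> tuple[str, str]:
    """Split the upper-case SHA-1 hex digest into the 5-char prefix that is
    sent to the service and the 35-char suffix that never leaves the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(password: str, range_body: str) -> int:
    """Match the local suffix against a range response of 'SUFFIX:COUNT' lines.
    Returns the breach count, or 0 when the password is not in the range."""
    _, suffix = sha1_prefix_suffix(password)
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)
    return 0


def fetch_range(prefix: str, timeout: float = 10.0) -> str:
    """Download every suffix for one prefix; only the prefix is disclosed."""
    req = urllib.request.Request(RANGE_URL + prefix, headers={"User-Agent": USER_AGENT})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password: str) -> int:
    """Live check: how many times the password appears in the known dumps."""
    prefix, _ = sha1_prefix_suffix(password)
    return count_in_range(password, fetch_range(prefix))


# Constructed stand-in for the body returned for prefix 5BAA6 (SHA-1 of
# "password" is 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8). The counts and
# the two other suffixes are made up for the offline demo.
SAMPLE_RANGE_5BAA6 = """\
0018A45C4D1DEF81644B54AB7F969B88D65:1
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2
"""

if __name__ == "__main__":
    print("offline demo, 'password':", count_in_range("password", SAMPLE_RANGE_5BAA6))
    # print("live lookup:", pwned_count("password"))  # uncomment for a network check
```

A non-zero count means the password is already in attackers’ wordlists and should be retired wherever it is used, even if no breach is listed against your own email address. Note that SHA-1 is used here only because it is the format the service indexes; it is not a recommendation for storing passwords, where a slow salted hash belongs.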
Be Safe… & Enjoy!