Virtual threat actual concern : The Tribune India

Join Whatsapp Channel

Virtual threat actual concern

The last few weeks have seen much debate and discussion over the concept of online privacy.

Virtual  threat  actual concern


Vaibhav Sharma

The last few weeks have seen much debate and discussion over the concept of online privacy. Ever since TRAI chairman RS Sharma published his Aadhaar number and challenged anyone to cause him harm with it, numerous posts have cropped up which claim that his PAN, date of birth, mobile number and email address have been outed as a result. Some even claimed to have deposited one rupee in his bank account. Sharma, on the other hand, has said that this information was already available in the public domain via Google searches and publishing his Aadhar did not contribute to increasing his digital vulnerabilities.

While the jury is still out on the threat that Aadhar poses to a citizen’s privacy, it is important to remember that even without Aadhar, your private information isn’t as private as you would like it to be. With your mobile number alone people can access your WhatsApp display picture, find your Twitter profile. With your email address, locating your Facebook and Instagram accounts isn’t hard. Then it’s only a question of finding a geo-tagged tweet to know your possible location, area of interest. A casual scroll down your Facebook wall may reveal old birthday wishes, exposing your birthday.  In a matter of hours, people may easily be able to put together a brief profile about you.

If like most you choose one password and stick to it for every website for years at end, then you’re in far more danger. A lot of popular websites have had their databases breached over the years, resulting in your login details being exposed. If these details are the same across various portals, you can imagine what someone might be able to achieve.


How to protect yourself

  • Visit the website haveibeenpwned.com and enter your email address to see if any website you have an account with has had its database compromised. 
  • If your email address has been compromised, and chances are it would have been somewhere or another, the website will give you a list of websites where it occurred. Also available will be the extent of the breach and whether your password was illegally obtained.
  • If you’re in the habit of using the same password across various websites, immediately change it.
  • One example is the case of Yatra.com. In September 2013, it had 5 million records exposed in a data breach. The data contained email and physical addresses, dates of birth and phone numbers along with both PINs and passwords stored in plain text. Similarly, the databases of companies like Zomato, Tumblr, MySpace, Last.fm, Dropbox and more have all had their user details compromised to varying degrees. 

Kinds of scams

  • Hacked databases from companies that contain millions of records are sold on the dark web to persons who look to monetise them. 
  • If such a person knows both your email address and password, you may receive an email in which the ‘hacker’ claims to have penetrated your system, recorded your private moments though the computer’s webcam, and offers your own password as proof of the same. Given that the hacker knows your password, you’ll be inclined to believe him. Next would be the demand of a ransom, payable through bitcoin. The threat would be sending the said video to all your contacts.
  • Next, the so-called hacker may lock you out of your email or other services by changing the password and recovery email address. This would also be followed by a demand of a ransom to unlock access.
  • If you receive such an email, there is nothing to worry. The so-called hacker has nothing on you and is only attempting the blackmail in the hope that you’ll take the bait. 

Be Careful with your mobile number and Email address

  • As the mobile number and e-mail address are often usernames for most services/websites, anyone who wishes to access your account already has a piece of the puzzle.
  • Therefore, it is prudent to use a secondary, preferably non-public email address as your username to sign up to sensitive websites. 
  • It is important to enable two factor authentication wherever the service offers it. Enabling this means that your password won’t be enough to sign into a service, a secondary validation such as an OTP would be necessary. 
  • Use a password manager such as Apple’s in-built offering if you use an iOS device, LastPass, 1Password or similar. These services assign independent complex passwords for your login accounts, and you just have to remember one password for the password manager, and it takes care of the rest. 

Top News

Chief Judicial Magistrate's court in UP's Banda orders judicial inquiry into death of gangster-politician Mukhtar Ansari

UP court orders judicial probe into Mukhtar Ansari’s death

The CJM has sought the probe report within a month

Cash-strapped Congress gets fresh IT notice of Rs 1,700 crore, say party insiders

Cash-strapped Congress gets fresh I-T notice of Rs 1,800 crore

Ajay Maken addresses a press conference

Special court convicts 7 people in BSP MLA Raju Pal murder case

Special court convicts 7 people in BSP MLA Raju Pal murder case

The proceedings against Atiq Ahmad, his brother and prime ac...

Arvind Kejriwal's wife releases WhatsApp number for people to send messages for jailed AAP leader

Arvind Kejriwal's wife launches WhatsApp campaign to garner support for AAP leader

In a digital media briefing, Sunita says her husband has cha...


Cities

View All