Tip of the Week: Security Breaches

We hear it all of the time. Users getting hacked or experiencing identify theft. And there are some users who don't realize the Internet means one thing: Everything can be shared to the public--even private conversations and FTP servers. You might share one little story via instant messenger to one friend (even someone you know in person) who might share it with just one person, and that person shares it with people in a live chat room. Before you know it, the story about mooning the old janitor at football practice in the dark night with the moonlight shining on your derriere becomes everyone's business.

An oops like that isn't too serious, right? What gets me is the security problems many of you face every single day with the social interaction tools used on the Internet. You might read the news often enough to know what happens with Twitter, Facebook, and other Web site security problems (if you don't know, do some keyword searches in Google), but what I don't want is ANY of you having a hacked GameSpot account. It's not fair to your friends getting private messages from strangers; it's not fair for your account to get a rep for serious abuse worthy of a ban.

This is a little message for those of you who do not understand security problems on the Internet and how to overcome being easily hacked on the Internet.

1) Sharing pictures online for the entire world to see? Sure, maybe that's fine. Who cares if they know Uncle Bob's last name, but it would be unwise to share your mother's parent's last names in the captions or descriptions of your pictures. We all might have a habit of calling our grandma by the last name without realizing that it is our mother's maiden name. That info is a hacker's dream for messing with someone. If you are using any social Web sites that have real names, do not share the friends list with everyone. The hacker might contact the list members to ask questions about you, and there goes even more security questions if you aren't careful. Also, try to fiddle with the security questions with false answers instead of answers people might have. If your favorite color is blue, put greenbutreallyblue as the answer or something else that won't be easy to find on a wild guess.

2) Publicly sharing your e-mail should only happen if you don't have the e-mail attached to an account with your credit/debit cards. Ebay, Paypal, Amazon, Steam, and the like are easy to mess with once a hacker has breached your e-mail. With just a click, they can restore your password for that account. Sure, maybe it will be a prank where they spend $600 to purchase you something, but it's not always easy to return your goods without having some kind of "Return to Shelf" fee or other penalty. Some people who breach accounts also find ways to "download" content, like music and games as well. Be super cautious in this area and know every single registered account you have attached to your debit/credit cards. Also, there are a lot of articles on the Internet about this, so DO sign up for a bank or service that will alert you of suspicious transactions and add other alerts about certain amounts of money transaction alerts.

3) Keep every single password for each account different. You might not be able to remember all of them and have to do a couple of password recoveries, but this pretty much causes you to have one account hacked instead of all of the ones with same password. Always keep a long password here at GameSpot and include every character it might accept (don't just use numbers and letters--don't just use a word in the dictionary either). Instant messengers like MSN, AIM, and other accounts are also easy subjects for hacking, so make sure you also have a different password for those accounts. Don't add people you don't know on these instant messengers.

4) If possible, do make a habit of changing out your password every month or two on GameSpot.

5) Do NOT allow your e-mail to be public if it's associated with an important account, GS account(s), and the accounts associated to credit/debit cards.

6) Be aware if you have an account on a Web site that allows for easy account deletion (such as using one button to close the account). Be super mindful. GameSpot currently does not allow account deletions for each registrant, so we are one site that is not too easy for a hacker to completely destroy your account, although he or she might be able to remove all of the content you have.

7) The saying about the less you register, the more secure you are is correct. Know where you register and remember you have an account. When accounts were hacked in the early days, it had to do with users registering at a UBB (forum), which made it easy for an owner of the forum to check passwords and use them on other Web sites. That's why you need to monitor your registration activity as much as possible.

8) Consider a secure Firefox browser app that allow you to monitor Web sites that are not secure and alert you when something is suspicious. Avoid visiting unfamiliar Web sites as much as possible. Do some searches for tech news Web sites like CNET http://news.cnet.com/security/ to find other ways to overcome Internet security problems.

9) Do not click on links you are unfamiliar with in case the site ends up phishing your information. Check URLs as often as you can, even if the Web site looks similar to a site you visited. For instance, the site www.gamesp0t.com (zero instead of o) doesn't exist, but if it were a phishing site, the Web site design would be exactly the same as GameSpot. The only difference is that the login field will track your login and password to breach your account on GameSpot. By simply looking at the URL when you are linked, you could save your account from being breached on GameSpot.

10) NEVER EVER share your password with anyone, not even grandma or your dog. You never know when family, friends, or the dog will go rabid. You are responsible for what happens to your accounts, and the problems you encounter can easily be avoided if you play it smart. Keep it secret, keep it safe.

Now that you know these tips about discovering ways to keep your accounts secure throughout the Internet, here are some ways to find out what other people know about you on the Internet.

1) Consider doing a "search" in Google to see what places your e-mail comes up. If it's public, it's easy for an account breach on any of the accounts you have outside GS.

2) Change your e-mail to your GS account if it's known to the public. Why? As mentioned earlier, if someone hacks your e-mail, that person can restore passwords or change them on any Web site that you have attached to it. Keep it safe!

3) See what people know about you by doing a search for your real name at Web sites that do contact info searches. Is your real name unique? If people know your location and real name, you might be easy to look up via real name Web site searches that share your address and phone number. Figure out ways to remove your name from these places by not being in the phone book (these days, mobile phones make it easier) or you could always move away. ;)

4) Get in the habit of logging in to GameSpot with your secure e-mail. Users already know your username, and this will help staff immediately identity the intruder. Obviously, we have other ways to track your login history, too.