APP HACKS: HOW HACKERS CAN ACCESS YOU THROUGH YOUR APPS
Many people use the same password for all of their apps; and a new security report says “password-1” is still the most commonly used password.
If your apps are attacked, thieves can then access your bank accounts, have groceries delivered or get a car ride almost anywhere in the world.
“There was an odd charge on my account, and it was for a $1,054,” said Aimee Beth McLynn.
More than $1,000 was charged to McLynn’s Uber account for a ride she never took in June. As she says she was at her apartment in Logan Square, someone used her account to take a black car from New York City to New Jersey.
She also says she never shared her account information.
“It terrified me just because I know it’s a credit card I don’t use at all and pretty much just set it up for Uber, the thousand dollars was the part that freaked me out the most,” McLynn said.
She says she got the charge reversed in about a day after taking her complaint to Twitter – then, an Uber rep emailed saying someone “illegitimately logged into” her account.
There’s no telling how that person got her information but in March, a technology reporter from Vice’s “Motherboard” said he uncovered the sale of Uber accounts for $1 on the dark web. Uber said it found no evidence of a breach and that it vigilantly protects rider data.
“We have researchers to look into the underground forums,” said Eric Merrit, of Trustwave.
Security experts at Chicago’s Trustwave showed the ABC7 I-Team how easy it is to find social security numbers and credit card numbers of Chicagoans for sale on underground websites – all of it can easily be searched by zip code.
Trustwave says it hasn’t spotted app account information for sale but its 2015 Global Security Report found that 98 percent of apps have vulnerabilities.
“The vulnerability on that app may allow the attacker to get on your iPhone or your computer, which would give them access to your credit card data, personal information,” Merritt said.
You should regularly change your passwords and have different ones for different apps. McLynn says she’s changed hers but deleted Uber from her phone.
“It’s kind of startling that it’s a $1,000 charge and they never reached out to me. That I am the one that’s hounding them over it,” McLynn said.
Uber says the situation was handled quickly.
Trustwave’s Global Security Report also discovered that it only takes about one day for a hacker to crack an eight-character password – but if you increase it to a 10-character password, it can take almost 600 days to be hacked. Just adding those two more characters can protect you from being a victim.