How Easy Is It for Someone to Steal Your Password and Hack Your Account?

Identity theft is a huge problem nowadays, as cybercriminals are endlessly looking for banking accounts, social media profiles, and various other accounts they could hack into. It is difficult to say how easy it might be for someone to take over your profile, as it depends on how secure its password is, what other precautions you take to guard the account, and other factors. However, knowing there are circumstances in which the user is helpless to protect his private data, for example, during data breaches, the chances of getting one's profile hijacked seem rather high. Although the topics of how to protect users' sensitive information and how to avoid data breaches are being actively discussed, there are still users who risk their privacy daily and companies that do not take all necessary precautions to protect their customers' data. Hopefully, this blog post will help some of you realize how vital it is to guard your accounts against cybercriminals, as well as learn how accounts might be hijacked and how to recover them when that happens.

What are the techniques used to steal passwords?

A massive number of passwords, login names, and other sensitive information can be stolen by finding weaknesses in the targeted website and using them to break into the company's systems or servers. Such attacks are called data breaches. They occur every day. For example, according to, there were 1.765 incidents in 2017, and 1.222 of them were Identity Theft (attacks during which cybercriminals managed to steal passwords and other information needed to hack into compromised accounts). It is crucial to know that, in case your information gets compromised during a data breach, you should change your login information immediately, before the hackers can hijack the account. Needless to say, the previously used password should never be reused for the same or any other account ever again.

Besides attacking service providers, cybercriminals can steal passwords by exploiting vulnerabilities of the accounts or the devices, for example, weak passwords, outdated software, lack of security tools, and so on. Passwords that are made from six or fewer characters and contain words like the user's name, pet's name, or birth date are considered to be weak because they can be guessed quite easily. Fortunately, many web pages allow only a specific number of login attempts. Consequently, there is a possibility those attempts will not be enough to guess a password, no matter how weak it might be.

Therefore, hackers often use more sophisticated methods, such as Phishing, which is one of the most common forms of social engineering. In most cases, hackers design fake web pages that imitate various legitimate websites before starting their Phishing campaigns. The next step is to present victims with links to such web pages and convince them to provide their login information or other sensitive information. The links can be delivered via email or messaging applications, and the messages that carry them may claim the user's account is in danger, or announce that he has won something and needs to confirm his identity to protect the compromised account or claim the prize. Unfortunately, there are lots of possible scenarios, and identifying a phishing scam might not be an easy task for inexperienced users.

Another technique that could be used to steal passwords is infecting the user's device with malware. In this case, the attack could be successful if the targeted device has outdated browsers, operating system, antimalware tools (or does not have any security tools at all), and other software that could have vulnerabilities. In most cases, cybercriminals use keyloggers to steal passwords. Such threats may record all of the user's keystrokes, which means that besides passwords, they can take a lot of other sensitive information (e.g., chat conversations, emails, or even banking details). The worst part is that such software can work silently in the background, and the user may not realize his information is being stolen for days, months, or even longer.

How to recover a hacked account?

There is always hope that you could recover the account, but you have to know how to do it and you have to act fast. If the cybercriminals did not change your password, you could try to log in and replace it. If you cannot log in, you should try resetting the password using the account's recovery email or telephone number. Otherwise, your only hope might be the website's guide for recovering hacked accounts or contacting its technical support if possible and explaining the situation. Nonetheless, in such circumstances you would most likely need to confirm your identity and if you cannot do that the account could be lost. Of course, it is an entirely different story if the hacked account is not your social media profile or email, but your banking account as in such a case users must contact their bank for assistance.

What to do to protect your accounts?

First of all, computer security specialists recommend creating passwords of at least eight characters and using not just letters (both lowercase and uppercase) and numbers, but also symbols. The reason is simple: the more different characters there are, the more possible combinations there are, and it could become nearly impossible to guess the password. Additionally, users could ensure password security by storing their passwords in a dedicated password manager application. For example, if you pick Cyclonis Password Manager, keep in mind you can also create random passwords of up to 32 characters with its Password Generator.
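The length and character-variety reasoning above, combined with the weak-password criteria given earlier in the post (six or fewer characters, personal details such as names or birth dates), can be turned into a small audit, shown here as an added example that is not part of the original post. The function name `audit_password`, the `personal_terms` parameter, and the sample passwords are hypothetical and constructed for illustration.

```python
import math
import string

# Thresholds from the article: six or fewer characters is weak; at least
# eight characters mixing all four character classes is recommended.
WEAK_MAX_LEN = 6
RECOMMENDED_MIN_LEN = 8
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}

def audit_password(password, personal_terms=()):
    """Return (verdict, search_space_bits, findings) for one password."""
    used = [n for n, chars in CLASSES.items() if any(c in chars for c in password)]
    # Size of the alphabet a brute-force guesser must cover for the classes used.
    alphabet = sum(len(CLASSES[n]) for n in used)
    # Upper bound only: it assumes every character was chosen at random.
    bits = len(password) * math.log2(alphabet) if alphabet else 0.0

    findings = []
    if len(password) <= WEAK_MAX_LEN:
        findings.append("six or fewer characters")
    elif len(password) < RECOMMENDED_MIN_LEN:
        findings.append("shorter than eight characters")
    missing = [n for n in CLASSES if n not in used]
    if missing:
        findings.append("missing: " + ", ".join(missing))
    # Personal details (name, pet's name, birth year) are guessable no matter
    # how large the theoretical search space is.
    personal = [t for t in personal_terms if t and t.lower() in password.lower()]
    findings += ["contains personal detail: " + t for t in personal]

    if len(password) <= WEAK_MAX_LEN or personal:
        verdict = "weak"
    elif findings:
        verdict = "fair"
    else:
        verdict = "strong"
    return verdict, round(bits, 1), findings

if __name__ == "__main__":
    # Constructed sample passwords and personal details.
    for pw in ("rex123", "Rex2010!!", "Password", "t7#Kq9!vZp2$"):
        print(pw, audit_password(pw, personal_terms=("rex", "2010")))
```

The second sample satisfies every length and character-class rule yet is still flagged, because the search-space figure only holds when the characters are not derived from details an attacker can look up.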

Next, users should consider setting up Two-Factor Authentication (2FA). Not all websites provide such functionality, but you can enable it for many popular social media and email accounts. Enabling 2FA is not as difficult as you may think and if you take a look at this blog post, you can learn how to set it up for your Facebook, Google, Twitter, and Reddit accounts. Afterward, you will be able to log in only after providing both the account's password and the additional chosen factor (e.g., code sent via email/mobile phone or the user's fingerprint).

Besides making passwords that would be difficult to guess or setting 2FA, users should also ensure their device is not vulnerable to malware. For starters, it would be wise to update all outdated software and keep doing so whenever new updates arrive as old versions usually have weaknesses that can be known to cybercriminals. Naturally, to make the device even more resistant to malicious applications you should install a reputable antimalware tool.

Even though being cautious might not save you from losing your accounts in all cases, doing so might still lessen the chances of it happening. To keep making it harder for cybercriminals to steal passwords or hack your accounts, you should keep expanding your knowledge of cyber security and try learning new useful habits that may prevent you from becoming a victim of Identity Theft.

August 17, 2018
