It happened again–hackers at LulzSecurity exposed Sony BMG’s vulnerabilities and took hold of at least 1,000,000 “unencrypted users, unencrypted admin accounts, government and military passwords,” according to the organization’s Twitter status.
People at risk include those who have signed up for Sony, or Sony-related brands and sweepstakes, like SonyPictures.com, TheYoungAndTheRestless.com.
If you’re one of these people, your personal data–e-mail address, home address, phone number, and date of birth–might be compromised. Use these tips to survive the breach:
1. Beware of fraudulent e-mails. Now that your e-mail address(es) has been exposed, you’re vulnerable to phishing attacks. Look out for e-mails from seemingly legitimate sites (like Sony) asking you for personal information like passwords or bank account information. Be careful when clicking links or opening attachments in e-mails, even if they appear to come from someone familiar or trusted.
2. Use a different e-mail for “junk.” If you’re using your primary e-mail when signing up for things like sweepstakes, create a “junk” e-mail address and use that instead. Some of the Sony accounts exposed were those associated with giveaways like “The Summer of Restless Beauty Instant Win.”
3. Look out for fraudulent calls. Watch out for illegitimate calls–your phone number, accompanied by your address, gives criminals enough information to impersonate a representative from a company like Sony. So if you get a call claiming you won the Sony-Autotrader sweepstakes, think twice before accepting it.
4. Use a unique password for every account. Although it’s convenient to use the same password for all online accounts, your security is on the line. Create a unique password for every account and store them in a secure service like LastPass.
5. Change your security questions. Your e-mail address, along with the other data exposed in the breaches, could be used to reset your account passwords. Change your security questions immediately, and consider creating your own unique question if the service gives you the option.
6. Don’t give up information in the first place. Before joining a service or entering a sweepstakes, consider the necessity of the account and the consequences of signing up. If you choose to sign up, check to see which fields are required, as oftentimes your home address and phone number are optional.
Senior writer Elinor Mills contributed to this story.