Robert Siciliano identity theft expert

I recently appeared on Fox News in response to a Fox anchor whose Hotmail account was hacked into. Criminals either guessed his qualifying question or they hacked his password. He admitted that his password was an easy one that could be guessed or was a word found in the dictionary. It took a few days for him to get his account restored, but only after we got in touch with the guy at Hotmail who flips the switch to make it happen.

Twitter had a breach of data when an employee’s email was hacked too. Biz Stone, co-founder of Twitter, announced: “From the personal account, we believe the hacker was able to gain information which allowed access to this employee’s Google Apps account which contained Docs, Calendars, and other Google Apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company.”

Reports are the hacker guessed the answer to the Twitter employee’s security question and reset the password of the account in question.

Web-based email ROCKS! You are no longer tethered to a PC-based client and can access it everywhere. An added benefit is no more concerns about losing data if your PC crashes and you haven’t backed up. That is, of course, if the cloud doesn’t crash. Most web-based email providers offer gigabytes of free storage and other cool tools like documents, RSS readers and calendars. Life in the cloud is much easier and more convenient. But is it secure?

Sarah Palin’s Yahoo email was recently hacked into, and here is a word-for-word account by the hacker on how he did it.

PCPro reported on a study done by Microsoft Research and Carnegie Mellon University on all 4 major web-based email providers: AOL, Google, Microsoft, and Yahoo. In a statement pulled from the study: “All four of the most popular webmail providers – AOL, Google, Microsoft, and Yahoo – rely on personal questions as the secondary authentication secrets used to reset account password. We ran a user study to measure the reliability and security of the questions used by all four webmail providers.”

“The secret questions employed by the top four webmail services are not sufficiently reliable authenticators. The security of personal questions appears significantly weaker than passwords,” warns the paper.

Upon learning of the study, Yahoo updated all their qualifying questions.

Once someone knows your email address, they simply go to the “forgot password” section, where the webmail provider asks the preselected qualifying question that you answered when signing up for the account. The next step for the hacker is to seek out that answer.

After researching the qualifying questions, I discovered current questions aren’t entirely easy for someone to guess. Some maybe. Others would require research at, or searching information on, someone’s social network. Information found in the trash could also make it possible for someone to enter the data. Many questions are seeking opinions as opposed to facts. A favorite aunt is an opinion, but if the criminal hacker knew all your aunts’ names, they would just keep entering aunts.

But here is the problem: if you signed up for your web-based email a year ago, pre-Palin, the questions may be much simpler and easier to guess.

Current Gmail qualifying questions are:

What is your frequent flyer number?
What is your library card number?
What was your first phone number?
What was your first teacher’s name?
Write my own question

Current Yahoo qualifying questions are:

What is the first name of your favorite uncle?
Where did you meet your spouse?
What is your oldest cousin’s name?
What is your oldest child’s nickname?
What is the first name of your oldest niece?
What is the first name of your oldest nephew?
What is the first name of your favorite aunt?
Where did you spend your honeymoon?

I suggest heading to your web-based account, going to “forgot password” and seeing what the qualifying question is. If it’s an easy one to answer, or would require only a little research to crack, then update the question with one you create based on opinion as opposed to fact. And keep in mind that if it asks what your favorite food is, most answer pizza, and for your least favorite food, most answer liver. So be creative.

You also need to beef up your password. Use uppercase, lowercase, alpha and numeric. Don’t use consecutive numbers and never use names that are associated with your life, like pets and kids.
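As an added example (not code from the original post), the password rules above and the common-answer warning from the preceding paragraph can be written as a self-check you run against your own choices. The word lists, function names and the `personal_names` and `known_facts` parameters are assumptions made for illustration.

```python
import re

# Constructed sample lists (assumptions for this example). A real check would
# load a full dictionary; "pizza" and "liver" are the article's own examples.
COMMON_WORDS = {"password", "letmein", "dragon", "sunshine", "monkey"}
COMMON_ANSWERS = {"pizza", "liver"}

def has_consecutive_digits(text, run=3):
    """True if text holds `run` digits that step up or down by one (123, 987)."""
    for i in range(len(text) - run + 1):
        window = text[i:i + run]
        if window.isdecimal():
            steps = {int(b) - int(a) for a, b in zip(window, window[1:])}
            if steps in ({1}, {-1}):
                return True
    return False

def check_password(password, personal_names=()):
    """Return the rules from the paragraph above that `password` breaks."""
    problems = []
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if has_consecutive_digits(password):
        problems.append("consecutive numbers")
    lowered = password.lower()
    if re.sub(r"[^a-z]", "", lowered) in COMMON_WORDS:
        problems.append("dictionary word")
    if any(n and n.lower() in lowered for n in personal_names):
        problems.append("personal name")
    return problems

def check_reset_answer(answer, known_facts=()):
    """Flag a security-question answer that is common or researchable."""
    normalized = answer.strip().lower()
    problems = []
    if normalized in COMMON_ANSWERS:
        problems.append("common answer")
    if normalized in {f.strip().lower() for f in known_facts}:
        problems.append("matches a researchable fact")
    return problems
```

An empty list means none of the listed rules were broken; it does not by itself mean the password or answer is strong.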

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

2. Invest in Intelius Identity Theft Prevention and Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Personal Identity Profile – Find out if you’re at risk for identity theft with a detailed report of your identity information, including a current credit report, address history, aliases, and more.

24/7 Identity Monitoring and Alerts – Prevent identity theft with automatic monitoring that scans billions of public records daily and alerts you to suspicious activity.

Identity Recovery Assistance – Let professionals help you recover your identity if you ever become a victim of identity theft.

Robert Siciliano identity theft speaker on Fox discussing hacked email.
