If easyJet was hacked, how safe is my data with the other websites I use?

03/06/2020

EasyJet experienced a major data breach in April - nine million customers’ data was stolen by hackers who accessed the backend of the website.  

This is a worry, as we all enter our details into numerous websites every day, relying on each website to have put the necessary measures in place to keep our information safe.  

But if a company as big as easyJet can be vulnerable, with the extensive resources it has at its disposal, what about the many much smaller websites we buy from?  

Many of us are looking for opportunities to shop local and support smaller independent businesses, but do we need to think twice?

Of course, the lesson from easyJet’s recent event is that if cyber attackers are determined and keep on trying to target a website, they will eventually succeed. And bigger businesses are targets, by virtue of their high profile and the sheer volume of data they hold.

What can we as consumers do to make sure we are safe when we log in online? 

The first thing to remember is that what hackers want is our email and password information so they can then access our accounts.

So first up, if you’re using alphanumeric passwords, there is some important guidance you should follow:

  • Change your passwords regularly 
  • Don’t use names / pet names, or obvious ones like “password1234” 
  • Ideally don’t use whole words on their own - they are susceptible to “dictionary attacks” 
  • Always set unique passwords that are different for each website - don’t reuse them - particularly important ones like email or bank accounts 
  • NCSC guidance suggests it’s best to use a combination of three random words - https://www.ncsc.gov.uk/blog-post/three-random-words-or-thinkrandom-0

After that, we, the users, have to rely on the websites doing the best possible job of keeping our data safe, using the latest standards of encryption and the best technology available.

It would be nice to be able to say that most websites do strive for the latest and best standards possible, but sadly it’s not always true. The question of login and authentication (checking it’s really you entering the site / your account) is often neglected, slipping to the bottom of the to-do list during a busy web development project, and basic, default settings are frequently used.  

So one thing to look out for is websites using third party authentication. This is where they effectively outsource the responsibility for managing the process of authenticating visitors to the site, and looking after their login data, to a specialist company. 

PixelPin is a third party login provider, but unlike others, we use pictures instead of passwords - you choose a favourite picture, pick four points, and that’s your login. Out of the millions of possible pixels, it’s almost impossible for another person to guess even one of your click points correctly. And you use the same picture and the same four points on every site where PixelPin is in use, as you always go to our secure page to enter your login details. As a specialist provider, we can guarantee that our security and encryption / data hashing protocols are the best that are available, so your data is safe when stored with us.

Plus it’s a lot more fun than remembering lots of different passwords.  

For more tips on staying safe online, visit the ICO (Information Commissioner’s Office) website (https://ico.org.uk/your-data-matters/online/social-networking/) or Facebook page (https://www.facebook.com/ICOnews/), and the NCSC (National Cyber Security Centre) website (https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online).