You're not the only one with a lame password

Bloomberg

Email Print

You're not the only one with a lame password
The height of our digital laziness can be found in our passwords. As was revealed a few years ago, one of the most popular user passwords was "123456," a show of lethargy that was only outdone by those who couldn't muster an extra keystroke -- "12345." ("1234" would have been popular if not for a minimum number of characters requirement.)
Well, it turns out many of the folks who are managing much higher-value online targets than a Facebook account aren't much better at devising hard-to-crack passwords.
IntelCrawler, a Los Angeles-based security firm, has been tracking a group that uses thousands of infected personal computers to supercharge their online search for Web-connected point-of-sale terminals used by retailers, restaurants and hotels. The crooks, who break into the payment machines and use stolen credit-card data to commit bank fraud, are seeking the next Target-level heist, according to the company.
These cyber thieves may find it, thanks to the lame passwords protecting these systems. The most popular was "aloha12345," which seems to tell us where the user would rather be, tropical storm aside. There were about a dozen variations of "aloha," including, you guessed it, the even lazier "aloha1234." Other favorites were "micros" (the brand name of a large point-of-sale maker), "pos12345" and "posadmin." IntelCrawler said some of the passwords were still the default ones that came with the machines. The company, which has built a specialty researching point-of-sale cyber-crime, has identified more than 2,000 breached terminals globally.
The countries with the most infected PCs used in the attacks were Zimbabwe, Vietnam and Venezuela. The hackers compromised POS systems in Australia, the U.K. and other regions. When IntelCrawler discovers a breach, it notifies the affected banks and credit-card companies.
Unlike many security stories, the lesson here isn't that consumers need to wake up to the growing threat of hackers. Instead, it's businesses that need to get their heads out of the sand and do a better job of protecting their customers. Mahalo.

More Tech News