Tag: security

By Tehillah Niselow for Fin24 

Liberty Holdings customers received SMSs on Saturday alerting them that personal information related to their insurance policies could have been stolen by an external party.

The Information Regulator, which has asked for information about the Liberty breach, is clearly concerned about the increasing number of cyber attacks affecting personal data in South Africa.

“Without a fully functional Information Regulator, these breaches will continue to occur without sanctions provided for in the Protection of Personal Information Act (POPIA),” said chairperson Advocate Pansy Tlakula.

Tlakula urged “the powers that be to assist it in fast tracking its operationalisation”.

According to corporate law firm Michalsons, certain limited sections of POPIA have already been implemented. However, the bulk of the legislation will only commence at a later date, to be proclaimed by the president. As there is a one-year grace period, the POPIA deadline might only be set for the end of 2019 or in 2020.

In the meantime, South Africans are coming under heightened attack from cyber criminals and hackers.

Andrew Chester, MD of Ukuvuma Security, told Fin24 that affected clients or users should immediately alert their banks and cellphone provider. They should also undertake a credit check as well as a Google search to determine whether their personal information is in the public domain.

Liberty email hack

In SMSs to clients on Saturday, financial services company Liberty informed them that its email repository had been breached by a third party trying to demand a “ransom” in exchange for the data.

Liberty has not revealed much about the breach, citing a police investigation. CEO David Munro confirmed that Liberty’s insurance clients were the only ones affected, and that none of its other business had been compromised.

The company said none of its clients have been impacted financially, and that individuals will be personally advised if their information has been affected.

ViewFines licence details

In May the Hawks, the State Security Agency and the Information Regulator said they would probe the breach of personal records of 943 000 South African drivers, allegedly from online traffic fine website ViewFines.

The information reportedly contained the names, identity numbers and email addresses of South African drivers stored on the ViewFines website in plaintext.

The ViewFines website is owned by Aggregated Payment Systems. News24 reported that its operations manager confirmed the company was “implementing security measures immediately” to improve the website after being informed of the breach.

The source of the data was located by Troy Hunt, an Australian security researcher and creator of the free service Have I Been Pwned, which checks whether an individual’s information has been compromised.

Facebook scandal

While Facebook founder and CEO Mark Zuckerberg had to face angry lawmakers in the US and European Union, it was reported that the data breach involving the UK political consultancy affected almost 60 000 South African users.

In May, the Information Commissioner’s Office of the United Kingdom (which regulates Facebook outside the US and Canada) advised the Information Regulator of South Africa that over 87 million people had been affected worldwide.

However, no evidence could be found of South Africans having been targeted, as the majority of users involved were in the US.

Master Deed’s data breach “biggest” digital security threat in SA

Hunt was once again instrumental in revealing what was known as the “biggest” data breach in South African history, together with iAfrikan CEO Tefo Mohapi in October 2017.

Over 60 million South Africans’ personal data, from ID numbers to company directorships, was believed to have been affected.

The information was traced to Jigsaw Holdings, a holding company for several real estate firms including Realty1, ERA and Aida. The information reportedly came from credit bureau agencies, and was used to vet potential clients.

The information trove was found not to have been hacked, as it was stored in an easily accessible manner on an open web server.

Ster-Kinekor’s database compromised

Movie theatre chain Ster-Kinekor was responsible for up to 7 million South Africans falling victim to a data leak in March 2017.

Fin24 reported that Durban developer Matt Cavanagh announced he had discovered a flaw in Ster-Kinekor’s booking website, and that he had reported it to the company.

There were between 6 and 7 million users in the database. Of those, 1.6 million people had email addresses linked to them on the movie theatre chain’s database.

Liberty Life hacked, user data exposed

Financial services group Liberty Life sent out an SMS to their clients on Saturday evening informing them of a major security breach.

Liberty launched an investigation after its systems were hacked, and said the hackers alerted the company to potential vulnerabilities in its systems and were now demanding compensation.

The Sunday Times reported that the hackers obtained sensitive information about some top clients and have demanded payment of millions of rand not to release the data.

Liberty has communicated with its customers regularly, advising them to change passwords as applicable.

Liberty Life hack could be ‘an inside job’: expert

A security expert has questioned how hackers gained access to Liberty Life clients’ information, suggesting it could have been an inside job.

The financial services provided confirmed on Saturday that its information technology system was hacked last week, by people who demanded payment. It has since regained control of the system.

“It most likely happened in one of two ways: it was either an inside job or someone with the correct privileges was hacked, which means that they could have used that person’s permissions to get into the system,” said managing director of Ukuvuma Cyber Security, Andrew Chester.

He said the hack could have been avoided by applying general data security practices such as encrypting sensitive data, segregating it from vulnerable systems, and building in rigorous access control and monitoring systems.

“Why did Liberty have unstructured email data and attachments that were left unmonitored and more importantly, why was this sensitive data not encrypted? When doing threat-hunting or a security analysis for any company, the first thing one looks for is how easy it is to extract data without being detected.

“Additionally, how did the hackers know where to find the data? If it was an inside job they might have been tipped off, but if it wasn’t, it means that they spent enough time on the infrastructure to know where to look, which is very alarming,” he said.

Chester said it was also concerning that no-one detected the breach until the hackers themselves informed the company.

“There’s a common saying that you sometimes don’t know you’ve been hacked until law enforcement comes knocking at your door, but in this case, Liberty only found out once the criminals had contacted them,” he said.

The company said its investigation into the breach was at an “advanced stage”.

Source: eNCA 

By Vicky Sidler for MyBroadband / Nick Saunders at Mimecast

When I say the word “bat”, what image comes to mind? A flying mammal? A cricket bat?

In English, they call this a “homograph”: when two or more words are spelled the same but don’t have the same meanings or origins.

In cyber-security, a homograph is a lot more sinister. It’s a term given to a type of impersonation attack where an email address or website URL looks legitimate but isn’t. It’s designed to trick people into clicking on malicious links or to fool them into transferring money or sharing sensitive information.

Recent research by Vanson Bourne and Mimecast found that more than 85% of respondents had seen impersonation fraud in the past 12 months, and 40% had seen an increase in this type of attack in the same period. In South Africa, 36% of respondents had seen an increase in impersonation fraud asking to make wire transactions, and 37% had seen an increase in impersonation fraud asking for confidential data.

Despite this growth, many organisations do not have a cyber resilience strategy in place to help them detect, prevent and recover from these types of attacks.

Easy to execute, hard to detect
Homograph attacks are difficult to detect – by both the user and regular email security systems.

To create these lookalike domains, attackers use non-Western character sets or special characters found in Greek, Cyrillic and Chinese, to display letters which, to the naked eye, look identical to the western alphabet. Mimecast.com, for example, looks like мімесаѕт.com in Cyrillic. According to one domain name checker, there are 117 possible Mimecast domains that can be misrepresented with just one character from a non-English alphabet.

These subtle changes are likely to go unnoticed by users. In South Africa, 31% of respondents were not confident that employees could spot and defend against impersonation attacks, which easily and often slip through an organisation’s security systems.

Some 21% of South African respondents were not confident that their organisation’s security defences could defend against impersonation fraud asking for confidential information, rising to 25% for fraud asking to make wire transactions – in line with global trends.

This is because the emails themselves don’t contain malware and the URLs often have legitimate (read: stolen) security certificates.

Is it me you’re looking for?
Website URLs aren’t the only avenues for impersonation attacks; email address impersonation is also on the rise.

These types of attacks are designed to trick users such as finance managers, executive assistants and HR representatives into transferring money or disclosing information that can be monetised by cybercriminals. The email appears to come from someone they trust – a C-suite executive or a third-party supplier that they regularly do business with – and therefore wouldn’t think twice about responding to.

South Africans reported that, in the past 12 months, cybercriminals have attempted to impersonate finance teams (24%), third-party vendors (20%), a member of the C-suite (7%), as well as HR, sales, operations, legal and marketing team members (between 5% and 8%).

Again, these emails do not contain malware, which means they can go undetected by most email security systems. Social engineering attacks such as these rely on our inability to spot anomalies in URLs and email addresses – and the fact that we believe we’re communicating with someone we know.

Know what to do
Cybercriminals have figured out that they can bypass security systems by switching from malware-laden attacks to malware-less impersonation attacks. Now, social engineering meets technical means to put us in the middle of the next evolution of cyber-attacks.

Here are some measures organisations can implement to guard against these types of attacks:

  1. Education – when users know how social engineering and spoofing attacks work and then understand they shouldn’t click on links in emails, breach incidents can be drastically reduced. Users should be encouraged to physically type an address into a browser rather than click on a link in an email, even if it was supposedly sent by someone they know and trust. Education and awareness will always be the most important defence mechanisms.
  2. Protection – email security systems are getting better at stopping malware which enter the network through dodgy files and attachments, but few are effective against impersonation attacks. Organisations need a solution that can deep-scan all inbound emails and inspect for header anomalies, domain similarity, sender spoofing and the existence of keywords and suspicious impersonation emails. These can then be blocked, quarantined, or delivered as flagged to alert the receiver of potential risk.
  3. Resilience – having the right threat protection in place is just one part of a robust cyber resilience strategy. Organisations also need to be able to adapt their strategies to stay ahead of attacks, while having the durability to continue with business as usual in the event of an attack, and the recoverability to ensure data and emails are always accessible.
  4. Oversight – often, lax security on a third-party supplier’s side provides an entry point into an organisation’s network. Enterprises should continuously evaluate and manage the security and privacy policies of their suppliers and include security in their service level agreements. They should also perform on-site security assessments with new suppliers before sharing sensitive information.
  5. Visibility – organisations need to know who their vendors are and who has access to company information, and for what reasons. This is even more important now that the EU’s General Data Protection Regulation has come into force and will affect all South African organisations when the Protection of Personal Information Act is finalised.

Thirty-seven percent of South African organisations have suffered data loss because of email-based impersonation attacks in past 12 months. These organisations also reported reputational damage (34%), loss of customers (29%), direct financial loss (17%) and lost market position (19%).

Email continues to be the number one threat to organisations globally and accounts for 96% of all incidents that organisations face.

Clearly, there is an urgent need to work towards a higher standard of email security. Cyber-criminals have evolved their attack methods. It’s time the security strategies organisations use to protect their users and their businesses evolve as well.

By Eric Limer for Popular Mechanics 

Twitter is suggesting all users change their passwords as a precaution after a reported glitch caused some passwords to be stored in plain text. If you’ve ever used your Twitter password for another service, you’d be wise to change it in both places.

Twitter says there is no evidence of a breach, but the error would have allowed any snoopers inside the system to scoop up unprotected passwords with ease. Typically, passwords are “hashed” before they are stored, a process which transforms them password into a unique series of numbers and letters that can’t be translated back into the actually sequence of numbers and letters you type in. This prevents hackers from snagging a phrase they can try on your other accounts.

Even with no evidence of an actual breach, this bug serves as a good reminder for some basic security hygiene. Use unique passwords for every service you use; a password manager can help you keep track of them all. Turn on two-factor authentication where available (it is available on Twitter). And while you’re at it, go look at the apps that have access to your account. These apps, if they’re insecure themselves, can offer hackers a limited way into your account without ever having to figure out your password.

Make your router hacker-proof

By Sandeep Nair Narayanan, Anupam Joshi and Sudip Mittal for The Conversation 

In late April, the top federal cybersecurity agency, US-CERT, announced that Russian hackers had attacked internet-connected devices throughout the U.S., including network routers in private homes. Most people set them up – or had their internet service provider set them up – and haven’t thought much about them since. But it’s the gateway to the internet for every device on your home network, including Wi-Fi connected ones. That makes it a potential target for anyone who wants to attack you, or, more likely, use your internet connection to attack someone else.

As graduate students and faculty doing research in cybersecurity, we know that hackers can take control of many routers, because manufacturers haven’t set them up securely. Router administrative passwords often are preset at the factory to default values that are widely known, like “admin” or “password.” By scanning the internet for older routers and guessing their passwords with specialized software, hackers can take control of routers and other devices. Then they can install malicious programs or modify the existing software running the device.

Once an attacker takes control
There’s a wide range of damage that a hacker can do once your router has been hijacked. Even though most people browse the web using securely encrypted communications, the directions themselves that let one computer connect to another are often not secure. When you want to connect to, say, theconversation.com, your computer sends a request to a domain name server – a sort of internet traffic director – for instructions on how to connect to that website. That request goes to the router, which either responds directly or passes it to another domain name server outside your home. That request, and the response, are not usually encrypted.

A hacker could take advantage of that and intercept your computer’s request, to track the sites you visit. An attacker could also attempt to alter the reply, redirecting your computer to a fake website designed to steal your login information or even gain access to your financial data, online photos, videos, chats and browsing history.

In addition, a hacker can use your router and other internet devices in your home to send out large amounts of nuisance internet traffic as part of what are called distributed denial of service attacks, like the October 2016 attack that affected major internet sites like Quora, Twitter, Netflix and Visa.

Has your router been hacked?
An expert with complex technical tools may be able to discover whether your router has been hacked, but it’s not something a regular person is likely to be able to figure out. Fortunately, you don’t need to know that to kick out unauthorized users and make your network safe.

The first step is to try to connect to your home router. If you bought the router, check the manual for the web address to enter into your browser and the default login and password information. If your internet provider supplied the router, contact their support department to find out what to do.

If you’re not able to login, then consider resetting your router – though be sure to check with your internet provider to find out any settings you’ll need to configure to reconnect after you reset it. When your reset router restarts, connect to it and set a strong administrative password. The next step US-CERT suggests is to disable older types of internet communications, protocols like telnet, SNMP, TFTP and SMI that are often unencrypted or have other security flaws. Your router’s manual or online instructions should detail how to do that.

After securing your router, it’s important to keep it protected. Hackers are very persistent and are always looking to find more flaws in routers and other systems. Hardware manufacturers know this and regularly issue updates to plug security holes. So you should check regularly and install any updates that come out. Some manufacturers have smartphone apps that can manage their routers, which can make updating easier, or even automate the process.

By Alison DeNisco Rayome for Tech Republic

Microsoft is doubling down on its promise to rid the world of passwords and replace them with more convenient and secure options, the company announced in a Tuesday blog post.

“Nobody likes passwords. They are inconvenient, insecure, and expensive,” according to the post. The tech giant wants to deliver on two key promises: That end users “should never have to deal with passwords in their day-to-day lives,” and to replace passwords with “user credentials [that] cannot be cracked, breached, or phished.”

Microsoft first made a move to reduce password use with Windows Hello, introduced in Windows 10, which uses biometric sensors to verify a user’s identity based on a fingerprint or face scan. It has since introduced the Authenticator app, which allows users to log into their Microsoft account on their desktop using their phone. Finally, Microsoft is working with the Fast Identity Online (FIDO) working group to update Windows Hello with physical FIDO2 security keys that allow for more secure authentication.

The Windows Hello FIDO2 Security Key feature is now in limited preview, the post noted.

“At its core, our fundamental philosophy is simple: devalue the password, and replace it with something that eradicates its use for the end user and drains its value for an attacker,” according to the post.

The Windows 10 April 2018 Update includes the ability to do just that, the post noted: Using Windows 10 in S mode, cloud users (with Managed Service Account or Azure Active Directory) can use their PC without ever entering a password. Users can take advantage of this feature by setting up the Microsoft Authenticator App, installing the Windows 10 April 2018 Update with S mode enabled, and setting up Windows Hello.

To achieve a password-less future for all devices, Microsoft laid out a four-step plan:

1. Develop password-replacement offerings. This would involve replacing passwords with a new set of alternatives that retain the positive elements of passwords while also improving their shortcomings.

2. Reduce user visible password-surface area. Microsoft wants to upgrade all elements in the lifecycle of a user’s identity, including provisioning of an account, setting up a new device, and accessing apps and websites, to make sure they work with password replacements.

3. Simulate a password-less world. This means helping end users and IT administrators to transition into a password-less world easily.

4. Eliminate passwords from the identity directory. Deleting passwords from the identity directory represents “the final frontier,” according to the post.

It remains to be seen if other tech giants will follow Microsoft’s lead and eliminate passwords. With the rise of biometric security in a number of fields, the future for businesses could very well be password-less.

Ropemaker: a new email security weakness

Most people live under the assumption that email is immutable once delivered, like a physical letter. A new email exploit, dubbed ROPEMAKER by Mimecast’s research team, turns that assumption on its head, undermining the security and non-repudiation of email; even for those that use SMIME or PGP for signing.

Using the ROPEMAKER exploit a malicious actor can change the displayed content in an email at will. For example, a malicious actor could swap a benign URL with a malicious one in an email already delivered to your inbox, turn simple text into a malicious URL, or edit any text in the body of an email whenever they want. All of this can be done without direct access to the inbox.

Described in more detail in a recently published security advisory, Mimecast has been able to add a defense against this exploit for our customers and also provide security recommendations that can be considered by non-customers to safeguard their email from this email exploit.

So what is ROPEMAKER?

The origin of ROPEMAKER lies at the intersection of email and Web technologies, more specifically Cascading Style Sheets (CSS) used with HTML. While the use of these Web technologies has made email more visually attractive and dynamic relative to its purely text-based predecessor, this has also introduced an exploitable attack vector for email.

Clearly, giving attackers remote control over any aspect of ones’ applications or infrastructure is a bad thing. As is described in more depth in the ROPEMAKER Security Advisory, this remote-control-ability could enable bad actors to direct unwitting users to malicious Web sites or cause other harmful consequences using a technique that could bypass common security controls and fool even the most security savvy users. ROPEMAKER could be leveraged in ways that are limited only by the creativity of the threat actors, which experience tells us, is often unlimited.

Changing this:

Into this, post-delivery (without having direct access to the user’s desktop):

To date, Mimecast has not seen ROPEMAKER exploited in the wild. We have, however, shown it to work on most popular email clients and online email services. Given that Mimecast currently serves more than 27K organizations and relays billions of emails monthly, if these types of exploits were being widely used it is very likely that Mimecast would see them. However, this is no guarantee that cybercriminals aren’t currently taking advantage of ROPEMAKER in very targeted attacks.

For details on email clients that we tested that are and are not exploitable by ROPEMAKER and the specifics on a security setting recommended by Apple for Apple Mail, please see the ROPEMAKER Security Advisory.

Is ROPEMAKER a software vulnerability, a form of potential application abuse/exploit, or a fundamental design flaw resulting from the intersection of Web technologies and email? Does it really matter which it is? For sure attackers don’t care why a system can be exploited, only that it can be. If you agree that the potential of an email being changeable post-delivery under the control of a malicious actor increases the probability of a successful email-borne attack, the issue simplifies itself. Experience tells us that cybercriminals are always looking for the next email attack technique to use. As an industry let’s work together to reduce the likelihood that the ROPEMAKER style of exploits gains any traction with cybercriminals!

by Matthew Gardiner for Mimecast

 

Cybercriminals could have access to hundreds of millions of Android smartphones’ data. This conclusion was reached after Check Point uncovered four vulnerabilities.

The security firm released a report that showed Android devices running Qualcomm chipsets are at risk from a threat dubbed QuadRooter.

The affected devices include smartphones from BlackBerry, Blackphone, Google Nexus, HTC, LG, Motorola, OnePlus, Samsung and Sony Xperia.

“Such an app would require no special permissions to take advantage of these vulnerabilities, alleviating any suspicion users may have when installing,” says Adam Donenfeld, a member of the Check Point mobile research team.

The attacker would then potentially be able to control devices and could access capabilities such as GPS tracking, and recording video and audio.

The weaknesses were found in software drivers that come with Qualcomm chipsets.

“The drivers, controlling communication between chipset components, become incorporated into Android builds manufacturers develop for their devices,” the company said in the report.

“Pre-installed on devices at the point of manufacturing, these vulnerable drivers can only be fixed by installing a patch from the distributor or carrier. Distributors and carriers can only issue patches after receiving fixed driver packs from Qualcomm.”

After discovering the faults, Check Point let the chip manufacturer know in April.

Qualcomm confirmed to the firm it would release patches to the device manufacturers. It is then up to the manufacturers to send updates to smartphones already sold, and for end-users to install them.

“This situation highlights the inherent risks in the Android security model. Critical security updates must pass through the entire supply chain before they can be made available to end-users,” says Donenfeld.

Check Point has developed a QuadRooter scanner app that is available free on Google Play. Running it will tell users if these vulnerabilities exist on their device.

Smartphone models which could be at risk include:

  • BlackBerry Priv
  • Blackphone 1 and Blackphone 2
  • Google Nexus 5X, Nexus 6 and Nexus 6P
  • HTC One, HTC M9 and HTC 10
  • LG G4, LG G5, and LG V10
  • New Moto X by Motorola
  • OnePlus One, OnePlus 2 and OnePlus 3
  • Samsung Galaxy S7 and Samsung S7 Edge
  • Sony Xperia Z Ultra

While the vulnerabilities unearthed by Check Point are serious, Google has said it has an app pre-installed onto most affected devices that will automatically block a malicious app from being downloaded.
A Google spokesperson told Android Central: “Exploitation of these issues depends on users also downloading and installing a malicious application. Our Verify Apps and SafetyNet protections help identify, block and remove applications that exploit vulnerabilities like these.”

However, Android phones that do not come with Google Play Services installed will still be at risk.

The spokesperson also said Google has released a security patch that protects against three of the vulnerabilities and is working on a patch for the fourth.

Smartphone manufacturer BlackBerry has released a statement saying it is aware of QuadRooter and a fix for BlackBerry’s Android devices has been tested and pushed to customers.

Risky behaviour
Much has been done by partners to mitigate the vulnerabilities and protect the device owners.

Those most at risk will be users who side-load Android apps, by downloading APK files, or those who have disabled Google’s Verify Apps feature.

Side-loading apps is often used to acquire apps that are not available in certain regions, like the mobile game Pokémon Go and music app Spotify.

Check Point recommends downloading and installing the latest Android updates as soon as they become available, carefully examining app permissions before giving access, and avoiding app downloads from third-party sources.

By Lauren Kate Rawlins for www.itweb.co.za

Over half (59%) of women in South Africa value the photos and videos they store on their phones more than anything else on the device – compared to 43% of men, according to a survey by Kaspersky Lab and B2B International. However, despite over a quarter of women worrying about the online safety of these images, many still fail to implement even basic security measures.

The study globally also found that while women are more likely than men to share with others photos of themselves (48%) and of people they know (40%) – compared to 43% and 33% of men respectively – one of their greatest security concerns, named by 29%, is the safety of their pictures and videos should a cyber-criminal gain access to their device.

Locally, one in four women worries that these images and other information could be shared inappropriately or without their consent, causing embarrassment and hurt if sent to the wrong person (45%) or even damage relationships (41%).

Despite this, many fail to appreciate how vulnerable they are to possible cyber-attacks – just 25% believe they could be a target, compared to 26% of men. As a result they don’t implement safety measures to safeguard their treasured photographs or other sensitive information stored on their device. Unlike men, up to 16% of women locally admit they don’t protect their device with a password and 15% of women do not use any form of security solution at all.

This lack of understanding about risk is confirmed by the fact that in a recent global security quiz, 27% of women admitted that they do not backup their devices, thereby risk losing all precious photos, videos and files if their device is stolen or damaged. Men are more prepared by comparison, with 80% of men agreeing that they backup their devices.

“It is not surprising that women use and value the information stored on connected devices differently from men. Devices play an important role in storing and sharing our happy memories and maintaining our relationships through email and text. Women worry more about the emotional impact on others should their devices be stolen or hacked. Celebrities aren’t the only ones to worry about what might happen if their private images were to be publically exposed. The only way to prevent this from happening is to take basic security precautions to keep what’s precious safe. We encourage women to start effectively protecting their devices to keep their precious information and photos safe,” says David Emm, principal security researcher at Kaspersky Lab.

In order to prevent cybercriminals from accessing images, videos and other precious data, files stored on digital devices should be protected by passwords and encryption. Files should also be regularly backed up so that if the device is stolen or damaged, they are not lost forever. If this data is shared or copied, it should be encrypted, so that even if it falls into the wrong hands, it will remain protected. Kaspersky Total Security – multi-device protects data on multiple mobile devices, allowing women – and men – to enjoy their mobile devices whilst remaining secure against cyberthreats.

In a piece of advice that seemingly contradicts everything else we’ve ever heard, GCHQ has recommended you should change your password less often.

According to the spy agency’s cybersecurity arm, forcing people to change their passwords regularly is ineffectual, because they are likely to choose a new password that is very similar to the old one.

They are also more likely to write the new password down, for fear of forgetting it. This increases the risk of the password falling into the wrong hands.

“Attackers can exploit this weakness,” says the Communications-Electronics Security Group (CESG). “The new password may have been used elsewhere, and attackers can exploit this too.”

Instead of forcing a changed password at regular intervals, it recommends organisations provide users with information on when their account was last activated.

GCHQ says sticking to the same password for a long time – unless it’s something like ABC123 – is a good idea.

The news comes as a new study into online privacy reveals that one in three Brits secretly know their partner’s passwords .

The survey by money-saving website VoucherCodesPro has revealed the UK’s attitude to trusting loved ones with our passwords .

It discovered that almost three quarters of us have looked through social media messages on someone else’s account without their permission.

The team responsible for the study polled 2,211 UK adults between 18 and 45 who have been in their current relationship for at least two years.

Initially respondents were asked if their partner let them access their social media channels when they wanted to; 51% of respondents stated they did. Respondents were then asked if their partner had let them know their password for social media channels, 21% stated they had.

Following straight on from this, all respondents were then asked if they knew their partner’s password without them being aware of this – with 34% stated they did.

Researchers asked these participants how it was they found their partners password out, 59% stated they ‘guessed’ it, 37% said they ‘keyboard watched’ and the remaining 4% asked their partner’s friends.

As to what those sneaky snoopers got up to once they’d accessed their partner’s accounts – the researchers provided a list:

  • Looked through social media messages – 74%
  • Looked through the photo gallery – 59%
  • Looked through emails – 54%
  • Looked through browser history – 46%
  • Looked through bank statements – 39%

George Charles, spokesperson for www.VoucherCodesPro.co.uk , made the following comments regarding the study:

“Being open with your partner is incredibly important and snooping at their social media channels or any private documentation just isn’t the way to achieve a healthy relationship,” said George Charles, a spokesperson for VoucherCodesPro.

“Knowing your partner’s password without their knowledge will only lead to trouble. It suggests you are looking for something and if you look hard enough, you will always find something to convince you that your fear is real.”

By Jeff Parsons for www.mirror.co.uk

  • 1
  • 2

Follow us on social media: 

               

View our magazine archives: 

                       


My Office News Ⓒ 2017 - Designed by A Collective


SUBSCRIBE TO OUR NEWSLETTER
Top