A Lesson From the Sarah Palin Email Hack

Much has been written recently about the Sarah Palin email hack.  This hack was not the result of some exotic new virus or an uber-hacker with a secret toolkit for compromising webmail accounts.  No, this was nothing more than a curious youngster doing some basic Internet searches and using the information obtained to take advantage of a weakness in the email provider’s password reset feature.  I have written before about the dangers of social networking sites and how it is important to limit the amount of personal information you publish about yourself and your family.  The Sarah Palin email hack is a perfect example of what can happen if you fail to heed that warning.

Sarah Palin, the Republican Vice Presidential nominee, was using Yahoo for her personal email account.  Yahoo provides a method for changing a forgotten password that requires four pieces of information: 1) Date of Birth 2) Country of Residence 3) Postal Code and 4) Answer to a Security Question.

The security question is usually something like “What is your pet’s name?” or “Where did you go to high school?”.  In the case of Sarah Palin it was “Where did you meet your spouse?”.  The hacker had little trouble finding out the first three pieces of information with basic Internet searches.  The answer to the last question was not difficult to guess once he or she learned that Sarah and Todd Palin met in high school.  After a few guesses the hacker hit the jackpot with the fairly obvious answer of “Wasilla high”.

It is not difficult these days to find out just about anything about anyone by searching the Internet.  Add to that the fact that most social networking sites not only allow you to share personal information with the world, but actually encourage it.  By searching sites such as MySpace and Facebook one can find a treasure trove of personal information freely shared by the users of such sites.  The four pieces of information necessary to reset a Yahoo account (and most other accounts) are often easily obtainable for users of such sites.  And it doesn’t take much more effort to find enough information to obtain credit or steal the identity of those who share too much information.

It should be obvious by now that the best way to prevent such an incident from happening to you is to limit the amount of personal information you make available.  Don’t share any information that is used as a security question, such as mother’s maiden name or where you met your spouse.  Conduct an Internet search for information about yourself and view your social networking site profiles to make sure you are not revealing too much information.  It is better to divulge too little information than too much.
