A few months ago I was talking about different mailbox tools and mentioned email addresses are the keys to our online identity. They are, email addresses are the magic key that authenticates us and opens access to different accounts.
The bad guys know this too. The Justice department recently announced a plea deal related to compromised email accounts. The individual in question gained access to faculty, staff and student email accounts. They then used access to these accounts to access Facebook, iCloud, Google, LinkedIn and Yahoo accounts.

Awful but impt case: AZ man hacked 1000s of university students and faculty emails via a faulty password reset page https://t.co/T50jLgepdA

— Pwn All The Things (@pwnallthethings) August 16, 2017

The purpose was to target college-aged women to look through their email & cloud accounts for sexually explicit photographs and videos.

— Pwn All The Things (@pwnallthethings) August 16, 2017

The takeaway is this: your personal email is the portal to everything you do online. If it is compromised *all* of your other accounts fall.

— Pwn All The Things (@pwnallthethings) August 16, 2017

Mediapost published an article this week referencing a survey performed at this year’s BlackHat conference.

Of 250 hackers polled, 32% said that accessing privileged accounts was the easiest and fastest way to get at sensitive data.
The second most effective route to data, cited by 27%, was access to user email accounts.

Email accounts are the keys to the kingdom. Protecting them is a vital part of protecting yourself online.
 

attacks • compromise • data security • security