Episode 2
Password Leak
In this episode, too, we deal with a human error: in this case a simple act of naivety that could happen to anyone, but that can have serious consequences for data and information security. In the episode we find out what can happen if you do not adequately protect the password that gives access to your computer, your email or even the management system of the institution or company you work for. Fortunately, in this story a new character steps in, ready to “patch things up” … a truly super one!
The characters of the story
The story
Glossary
Management System
Also called E.R.P. or Enterprise Resource Planning, "management software" is software whose task is to manage workflows.
The main types in this category are:
- Accounting software
- Warehouse software
- Production software
- Budgeting software
- Financial management and analysis software
- Dedicated software
Access
Often also referred to as authentication or login, it is the process that allows a user to "enter" a system or piece of software in order to use it and to reach the information and features it contains. It usually takes place through credentials, that is, a combination of a user name (which can also be an email address) and a password. There are also more complex access and authentication mechanisms, which include other elements such as physical characteristics (fingerprint), objects you possess (tokens, smart cards), etc.
Password
Keyword: we hear about it very often. It is the code that we enter, together with the username, in computer systems, when we open our email, and in the applications we use every day. We know, by hearsay and from the recommendations of many websites, that it must be a word or a complex phrase with special codes, and that it should never be easy to guess (never use a date of birth, the name of a pet or a car's license plate ...). For this reason it is always advisable to use different, complex passwords. Another good practice is to change our most important passwords periodically.
Database
By database, sometimes abbreviated DB, we mean a system that hosts a set of organized data, stored in a computer and searchable via terminal.
Sensitive data
Sensitive data are personal data that can be collected only with the consent of the person concerned and with the authorization of the Guarantor for the protection of personal data. These data must be processed and protected with appropriate security measures. Data relating to the following are considered sensitive:
- racial and ethnic origin;
- religious, philosophical or other beliefs;
- political opinions and membership of parties and trade unions;
- associations or organizations of a religious, philosophical, political or trade union nature;
- state of health;
- sexual life.
Today's lesson
Does what you have read seem incredible? Yet this story was inspired by a true one: malicious people contacted an employee of a public body by telephone, posing as technicians, and managed to obtain the passwords to a database, from which they stole sensitive information and data.
For this reason, keep in mind the recommendation of Giovanni the technician and handle all your passwords with the utmost care, especially if they give access to programs or computer systems that hold sensitive data.
What should I do?
Learn more with external links
- Further reading 1: A scam in which fake e-mails and phone calls asked victims to pay money by transfer via a link; besides phishing, it also mentions phone calls received by the victims
- Further reading 2: A notice from the Subito.it portal, warning its users that they could be targeted by fake operators who call to steal access data
- Further reading 3: A scam in which an attacker stole a username and password to empty a victim's account