Rob Cotton comments: “The attack on Trapster, which has potentially compromised the personal data of the website’s 10 million users, yet again highlights the risks of sharing passwords between websites.
“It is common for users to apply the same passwords to frequently used websites; however, by doing this they are effectively increasing the risk that if any of the websites get hacked then all the others can be accessed. As well as the websites’ responsibility to keep their customers’ data safe, users must also accept that their behaviour directly affects their own security.
“Website owners should declare if they store your passwords using strong hashing. This is a simple process and not any more expensive to implement; however, unfortunately, websites not using this method of cryptography is something we see all too often and this can only be down to developers’ laziness or ignorance. In the case of Trapster, it would appear that they didn’t encrypt or hash so the hackers got the crown jewels.
“You can often tell if a site doesn’t use hashing to store passwords by going through the ‘forgotten password’ process. If they send you your password then it is very unlikely that the site uses hashing, although it could still be using encryption. If they send you a link to reset your password then they may be. The only true way for users to be sure is to be rigorous in not sharing passwords between websites.”