HomeComputersLegion: Here’s how to keep your online accounts safe from malicious attacks...

Legion: Here’s how to keep your online accounts safe from malicious attacks by hacker groups


The hacking group Legion seems to be going after high level targets, in a campaign similar to the one executed by OurMine. The Legion group does not seem to be as sophisticated as OurMine, because they are choosing targets from an already compromised data, instead of deliberately finding ways to take down marks. There are some elementary safety precautions that you can take to secure yourself against attacks by groups such as Legion.

The elementary safety precaution is to use different passwords for different accounts. The leaked passwords used by Vijay Mallya in the hack showed that he had taken this precaution to a certain extent. A number of base text strings were used, with variations added on top. Now someone who has access to these base strings and variations can attempt to guess passwords for new accounts. It is important to constantly cycle passwords for critical accounts, and not share the same passwords across services. Variations might be simple to remember, but it is more secure to have completely different alphanumeric strings.

Keeping track of multiple usernames and passwords can be daunting, a secure password manager such as LastPass is better than saving your passwords in a notepad file in your email inbox. The mobile application available on iOS and Android allows users to store their passwords behind the biometric security offered by a fingerprint scanner. One common mistake is to write down your passwords on a sheet of paper, it is worse to list all your usernames and passwords on a single sheet of paper.

Constantly cycling passwords protects users from compromised dumps. If a service offers two factor authentication, it is better to activate it to prevent hostile takeovers to accounts. Most popular email, social networking and content distribution platforms support two factor authentication. Another vector of attack is through the secret questions set at time of account creation. Do not key in the actual answers to the questions, as someone who knows users personally can guess the answers. Instead use obscure questions, as well as hard to guess answers, even if a known person attempts to takeover your account. Guessing the answers to the secret questions is one of the most common ways accounts are compromised.

It is a good idea to check if any of your accounts have already been compromised. Haveibeenpwned is such a service that allows users to check if their email addresses or usernames are compromised in any of the large well known data dumps. These are large dumps of login credentials farmed from compromised third party sites. The site will let you know in which dump your credentials appear, and you can take steps to safeguard that account. Checking the site periodically is a good idea to keep your accounts safe.

Subscribe To Our Newsletter!

To be updated with all the latest news, offers and special announcements.



Please enter your comment!
Please enter your name here