There have been a few high-profile successful phishing attacks recently, targeted not at uneducated and naive Internet users but at employees of Internet start-ups, who should almost by definition be more technology-savvy than the majority of Internet users. The most concerning to us was an attack on our immediate competitor Outbrain, where the Syrian Electronic Army hacked several high-profile web sites (e.g. the Washington Post) through the Outbrain widget (which is very similar to Zemanta's offering). The hackers got access to the Outbrain back-end system by successfully phishing a password from an Outbrain employee. We had already put a lot of stress on security before, but the Outbrain incident was a good opportunity to remind my colleagues about the importance of following security best practices. Therefore I provided them with the following advice:
- Turn on 2-factor authentication for your e-mail account. Most of us had 2-factor authentication turned on already, but now we have made it mandatory for all employees.
- Have a different password for each service you're registering with. I know that's annoying but it's the only safe practice. And it's just not possible to have security without at least some annoyance.
- Never log in without thinking. Having a different password for each service is a great way to force yourself to think before logging in.
What happened to Outbrain can easily happen to any of us, too. So please, be vigilant and take care!