The possible theft of millions of email address and passwords from online smartphone speed trapping service Trapster has sparked several warnings against using a single password for multiple services.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Trapster has not confirmed the theft, but said it had experienced a "security incident" and told members it was best to assume their details have been compromised.
The online service advised users to change their passwords on Trapster and any other site using the same password.
Del Harvey, who heads Twitter's Trust & Safety department, warned Trapster users to change their passwords after the breach was announced.
"Don't use the same password on multiple sites," she tweeted.
Graham Cluley, senior technology consultant at security firm Sophos, described Harvey's tweet as a "smart move" in light of last months spam campaign on Twitter abusing credentials stolen in the Gawker hack.
"If hackers grab your password in one place, and you have carelessly used the same password elsewhere, then you could be on a dangerous road. So, always ensure that you use different passwords on different websites," he wrote in a blog.
Using a single password for multiple sites increases the risk that if any of the websites get hacked then all the others can be accessed, said Paul Vlissidis, technical director at NGS Secure, an NCC Group company.
"As well as the websites' responsibility to keep their customers' data safe, users must also accept that their behaviour directly affects their own security," he said.
According to Vlissidis, website owners should declare if they store your passwords using strong hashing.
"This is a simple process and not any more expensive to implement. Unfortunately websites not using this method of cryptography is something we see all too often and this can only be down to developers' laziness or ignorance. In the case of Trapster, it would appear that they didn't encrypt or hash, so the hackers got the crown jewels," he said.