Trapster data breach sparks single password warning

The possible theft of millions of email address and passwords from online smartphone speed trapping service Trapster has sparked several warnings against using a single password for multiple services.

Download this free guide

From forensic cyber to encryption: InfoSec17

Security technologist Bruce Schneier’s insights and warnings around the regulation of IoT security and forensic cyber psychologist Mary Aiken’s comments around the tensions between encryption and state security were the top highlights of the keynote presentations at Infosecurity Europe 2017 in London.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Trapster has not confirmed the theft, but said it had experienced a "security incident" and told members it was best to assume their details have been compromised.

The online service advised users to change their passwords on Trapster and any other site using the same password.

Del Harvey, who heads Twitter's Trust & Safety department, warned Trapster users to change their passwords after the breach was announced.

"Don't use the same password on multiple sites," she tweeted.

Graham Cluley, senior technology consultant at security firm Sophos, described Harvey's tweet as a "smart move" in light of last months spam campaign on Twitter abusing credentials stolen in the Gawker hack.

"If hackers grab your password in one place, and you have carelessly used the same password elsewhere, then you could be on a dangerous road. So, always ensure that you use different passwords on different websites," he wrote in a blog.

Using a single password for multiple sites increases the risk that if any of the websites get hacked then all the others can be accessed, said Paul Vlissidis, technical director at NGS Secure, an NCC Group company.

"As well as the websites' responsibility to keep their customers' data safe, users must also accept that their behaviour directly affects their own security," he said.

According to Vlissidis, website owners should declare if they store your passwords using strong hashing.

"This is a simple process and not any more expensive to implement. Unfortunately websites not using this method of cryptography is something we see all too often and this can only be down to developers' laziness or ignorance. In the case of Trapster, it would appear that they didn't encrypt or hash, so the hackers got the crown jewels," he said.