Sporting goods company Adidas said its U.S. e-commerce website was breached this week, and emails, encrypted passwords and usernames were stolen.
The company said Thursday it is alerting millions of consumers about the breach and had not yet determined a full tally of those affected. The incident, which Adidas said was discovered Tuesday, is similar to a breach in March of sportswear firm Under Armour, which resulted in 150 million stolen customer usernames, email addresses and encrypted passwords.
For the breaches at both Adidas and Under Armour, only credentials were affected, not more intimate details like fitness information or credit card numbers, according to the companies.
Though you may have grown accustomed to hearing about these types of breaches, the incident at Adidas still serves as a good reminder of why it’s important to practice good password habits.
If you do not reset your password after a breach, scammers who purchase the stolen information may gain access to your online accounts, which can include payment information or other personal details. If you frequently use the same username or password, a criminal may also gain access to your other accounts.
The Computer Emergency Response Team, the agency within the Department of Homeland Security that monitors and helps coordinate the country’s response to cyberthreats, has several pointers for how consumers can practice good password hygiene.
The CERT recommends that you never use the same password for different sites and that you avoid using words in your passwords that can be found in a dictionary. Instead, creating easy-to-remember nonsense words — such as by using the first letter of each word in an easily remembered phrase — can help create passwords that are not easily broken by common hacking tools.
The agency also recommends using multifactor authentication whenever possible, which adds another step to the login process but can greatly increase account security. Common additional factors of authentication include answering questions about personal information, having a special code texted to your smartphone or recognizing a preselected image on your login page.
Other recommendations from the CERT include:
- Don't use passwords that are based on personal information that can be easily accessed or guessed.
- Use the longest password or passphrase permissible by each password system.
- Don't use words that can be found in any dictionary of any language.
For people who store sensitive information or own a business, the CERT also has recommendations for supplementing passwords, with more sophisticated tips for strengthening personal or enterprise accounts.