Man-in-the-Middle attacks

Last year, news broke of a security flaw on the dating website Match.com that potentially put the passwords of tens of millions of its users at risk.

This was because the site did not use HTTPS encryption, so the email addresses and passwords of users logging in could potentially be stolen by anyone on the same Wi-Fi network. Anyone using their Match.com account while, say, on a public network in a café could have been at risk.

This method of hacking is known as a Man-in-the-Middle attack.

What is a Man-in-the-Middle attack?

In simple terms, a man-in-the-middle attack is a situation in which a malicious eavesdropper (the “man in the middle”) is able to read (or write) data that is being transmitted between you and the website you’re browsing. The attacker is typically a link in the chain through which data travels as it goes from you to the website or vice versa, and they have been able to successfully impersonate each side to the other, hence getting total access to the communication. For this type of attack to be possible, both sides of the conversation need to have a security flaw.

The consequences are that any sensitive personal information (think passwords, personal data, financial information, etc.) can be read by the attacker in such a situation.

Protect Yourself from Man-in-the-Middle Attacks

With any security flaw or data breach, the most important thing is to change your password if you think you could have been breached. Ask yourself whether you have recently accessed any Wi-Fi connections that were open to others.

Next, ask yourself whether you have used your Match.com password on any other services (email, social media, etc.). More likely than not, the answer to this question is yes, which means you will need to change all of those passwords too. This is because if a hacker has managed to access a user's details, that user will also be vulnerable on any other sites where they have used the same password.

It's crucial to make sure you are using a different password for every site across the web, so that the damage of any breach is limited to that site. After all, you wouldn't use the same key to lock your house, car and office. To find out how many weak passwords you are using, why not try out our new tool, Dashlane Inbox Scan, which will reveal how many times you have re-used certain passwords and which ones are most vulnerable to attacks.

More generally speaking, here is some more advice to ensure you are safe from a man-in-the-middle attack:

  • Do not use Wi-Fi connections that aren’t yours (think: your coffee shop Wi-Fi, the free Wi-Fi in your building, or even the airport).
  • Delete Wi-Fi networks from your devices that aren’t yours, and make sure to secure your Wi-Fi connection with a unique, private password.
  • Use strong, unique passwords on all of your online accounts and physical devices, including phones, computers, wearables, and other devices that can connect to the Internet.