The recent publicity about Kanye West’s e-mail account being hacked made me think about how one account can lead to so many more. A quick scan through anyone’s Gmail account is likely to show various welcome e-mails from other accounts such as twitter and facebook.

These accounts are linked to an e-mail account for alerts or password reset functions. Sometimes the welcome e-mails will show the full credentials that the user signed up with, sometimes just the username. Most websites will have a password reset functions that sends an e-mail to the users e-mail account so a hacker could quite easy perform this operation once the first account is hacked.

So you can see if someone has an account they generally use for signing up to other websites, one hack will definitely lead to more compromise.

What can you do? This is a tricky one. Until more websites ask for security information during reset functions and stop sending credentials in e-mails this will always be a problem. The real advice is to make sure you protect your e-mail as much as possible and use good quality passwords that can’t easily be guessed. Avoid any computer that isn’t your own, particularly Internet cafes and public computers which are likely to harbour key logging software. The use of third factor authenticaiton such as token is also highly recommended where available.