Home
Insightful &
Helpful Articles

Here is what we're working on and
thinking at Hedgehog security.

The BBC reports that customers of Deliveroo (one of several online take-away food delivery companies here in the UK) have had their accounts fraudulently used to order food. Deliveroo have blamed the abuse on passwords obtained through attacks on other online companies. Whilst a healthy dose of scepticism might be in order, it is an entirely plausible explanation. And it perfectly illustrates precisely why passwords, or variations on the same password, should not be re-used across different web sites.
If the last two years have taught us nothing else, it has shown that no-one can afford to be complacent. In this world of constant change and software upgrades, staying one step ahead of the attackers is hard work. Given the news of the breach in 2014 Yahoo admitted to this September, it is entirely possible that one of my passwords has been exposed, but I can at least be assured that the damage is confined to a (barely used) e-mail/messenger account. Had I used the password on multiple sites I wouldn't be quite so relaxed.
Never sacrifice security for convenience. Password re-use? Just don't do it.