"Less than Half of Consumers Change Passwords Post-Breach"
Researchers at the Identity Theft Resource Center have found a "shockingly high" disconnect between awareness of best practices following a data breach and the actions consumers actually take. The researchers polled over 1000 US consumers to gauge their understanding of and response to breach incidents involving personal information. They found that more than half (55%) of social media users have had their accounts compromised in the past, so there is generally a high level of awareness about what can be done to enhance personal security. However, nearly a fifth (16%) of respondents said they took no action following a breach. Less than half (48%) changed affected passwords, and only a fifth (22%) changed all of their passwords. The researchers stated that this is particularly worrying given that 85% admitted to reusing log-ins across multiple accounts, putting them at risk of credential stuffing. When asked why they don't use unique passwords, 52% said it's too difficult to remember their passwords, 48% said they don't trust or don't know how to use password managers, and 46% said they don't think it's important or believe their password practices are good enough. Only 3% followed best-practice advice following a breach notice and put a credit freeze in place to prevent fraudsters from running up debts on new lines of credit taken out in victims' names. Of the respondents who took no action after a breach notice, a quarter (26%) said it was because they believed their data was already out there, while slightly more (29%) naively thought third-party organizations would handle the issue. Nearly a fifth (17%) claimed they didn't know what to do, while 14% thought the notice itself was a scam.
Infosecurity reports: "Less than Half of Consumers Change Passwords Post-Breach"