If somebody hacked your email account, it would ASSIST them for the following things
1) They would know many "secret" things about you / your knowledge 2) They could request / authenticate a PIN reset. 3) They could request a replacement credit card to be sent to another address under their control. and so on. The hacked email by itself would be very useful, but not always sufficient for their purposes. It may require supplementing by impersonation or interception of snail mails etc. Sarbajit On 12/6/11, Owen Densmore <o...@backspaces.net> wrote: > I feel naive but have to ask: > How exactly do stolen passwords help someone steal my credit card etc.? > > I ask because I'm assuming they do so by breaking into a website (Gawker > was mentioned) and get the password file. That file has a hash of my > password, and a very few other things like my login name. > > This is the only way they can crank on my hash to find words that translate > into the hash .. assuming they know how the site uses it (salt etc). > > OK, they have my password. Now what? > > They won't have my credit card number, that is stored elsewhere, and on > amazon etc it is reasonably well protected. And even I don't see the > credit card number .. only the last few digits. > > Ditto for my email address, also often used as a login "name", it's not > part of the password file, right? So how would they get my email address? > I suppose they can search for my login name and hope to correlate it with > an email address. > > Which brings me to the real threat Steve mentioned a while back: if someone > can hack into your mail account, they can simply go to amazon and click "I > forgot my password" .. and have it mailed to the compromised email account > which the wily hacker is monitoring and deletes as soon as the pw is > available. > > So shouldn't one's email account be the best secured? Best password? > > So I don't really understand how the theft of a password file automatically > turns into stealing your identity, credit cards and all. > > How's it done? > ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College lectures, archives, unsubscribe, maps at http://www.friam.org
