Hello my fellow Steemitians,

Today I am going to reveal you how you all are getting hacked by hackers without even having a single clue!
This is a very vast topic so I am creating a Part by Part series.If you like the knowledge I am sharing than please motivate me to write more in comment section.
Whatever I will tell you is coming from my own experience and research. I have given my 6 years and counting in cyber security domain. So let's get started!

Part One : Your Privacy and Passwords.

Let's take example of news. We all want to be updated in day to day life with current affairs and gossips.
What we do??
We go to news, articles or websites to read the news. Now that's completely fine, after scrolling a little bit we see a pop up like below

If the content is cool you preferably want to give your email address to receive good stuffs in future also.(which will then web owner can use for marketing and sale purpose also.)

Here is a problem which you shouldn't notice or asked.

Is the site genuine? (Inner me : Why should I care it's just a news website)

My friend even if the site is genuine but not secure your email address along with 100k others can be exposed to Darkweb and Hacking forums which will give you troubles in future. I will show you how this can be accomplished without any tools in this post alone.

If that news site you just provided email address to is malicious or vulnerable your privacy is gone for sure.

Now let's come to second part the

Passwords

Consider this scenario:

• You have to register to a website which is providing you free Airdrops.
• Website requires your email address and password to begin with registration.

Tell me honestly, How many of you will write a password different from the one you are using to login to Facebook or gmail or any other account.( Very few because it is easier to remember the password if we are already using it)

Suppose that Airdrop website you have entered login and password got hacked or it was sent to you by a Hacker to trick you exposing the password.

Can you confirm your other accounts and bank details are safe?

Let me show you how easily it can be done on vulnerable sites.

I go to this website and Register.

I have been logged in successfully.

Now a hacker comes to website found a vulnerability that says that website don't have any access control mechanism.
Look below what he just found from the website

My Username along with password has been exposed!!
I am hacked even if website is genuine.

The website I used to demonstrate this hack is of tony hount for his security related course. I have followed and learned alot from him.

This website is provided by troyhunt.com as part of the Pluralsight course Hack Yourself First: How to go on the cyber-offence. It's full of nasty app sec holes. No seriously, it's terrible!
This course is designed to help web developers on all frameworks identify risks in their own websites before attackers do and it uses this site extensively to demonstrate risks.

Welcome to Reality

Solution:

• Subscribe to websites only if their is no other option left. Make sure site is genuine and secure.
• Always use different passwords for different accounts. Take help of Password management apps(Keepass) if required.
• Don't Trust.
• Investigate and Think before giving your privacy in someone's Hand.

I hope you have liked what you just witnessed. Nobody is going to tell you this as in present date something similar to this is what hackers are using.

You won't find this on internet this is my words.

Please write in comments what you have liked/Disliked. Support me to rise!

Regards,
Aman Srivastava

Source :

https://thehackernews.com/2017/12/data-breach-password-list.html

http://hackyourselffirst.troyhunt.com

https://www.independent.co.uk/life-style/gadgets-and-tech/news/gmail-yahoo-email-accounts-hacked-25-million-sold-dark-web-suntzu583-a7641196.html