It happened again--hackers at LulzSecurity exposed Sony BMG's vulnerabilities and took hold of at least 1 million "unencrypted users, unencrypted admin accounts, government, and military passwords," according to the organization's Twitter status.
People at risk include those who have signed up for Sony or for Sony-related brands and sweepstakes, such as SonyPictures.com and TheYoungAndTheRestless.com.
If you're one of these people, your personal data--e-mail address, home address, phone number, and date of birth--might be compromised. Use these tips to survive the breach:
1. Beware of fraudulent e-mails. Now that one or more of your e-mail addresses have been exposed, you're vulnerable to phishing attacks. Look out for e-mails from seemingly legitimate sites (like Sony) asking you for personal information such as passwords or bank account information. Be careful when clicking links or opening attachments in e-mails, even if they appear to come from someone familiar or trusted.
2. Use a different e-mail for "junk." If you're using your primary e-mail when signing up for things like sweepstakes, create a "junk" e-mail address and use that instead. Some of the Sony accounts exposed were those associated with giveaways like "The Summer of Restless Beauty Instant Win."
3. Look out for fraudulent calls. Your phone number, accompanied by your address, gives criminals enough information to impersonate a representative from a company like Sony. So if you get a call claiming you won the Sony-Autotrader sweepstakes, think twice before accepting it.
4. Use a unique password for every account. Though it's convenient to use the same password for all online accounts, your security is on the line. Create a unique password for every account and keep them somewhere safe and private. Not even LastPass can be trusted.
5. Change your security questions. Your e-mail address, along with the other data exposed in the breaches, could be used to reset your account passwords. Change your security questions immediately, and consider creating your own unique question if the service gives you the option.
6. Don't give up information in the first place. Before joining a service or entering a sweepstakes, consider the necessity of the account and the consequences of signing up. If you choose to sign up, check to see which fields are required, as oftentimes your home address and phone number are optional.
CNET senior writer Elinor Mills contributed to this report.
This post was updated Friday 12:45 p.m. PT to remove the recommendation of LastPass, as it too was recently hacked.