Low reaction to a breach
A recent study from the Carnegie Mellon University Security and Privacy Institute has revealed that only around one third of people change their passwords following a data breach. The study collected data over a two-year period from 249 participants who agreed to share their browsing history.
Following an analysis of the participants' data, 63 had accounts that had been breached, where the breach had also been publicly announced. Only 21 of those 63 participants accessed their accounts to change their passwords, and only 15 changed their password within three months of the breach announcement.
It was also found that those who did change their password chose a weak new password. Of the 21 participants who accessed their accounts to change their passwords, only 9 changed it to a more complex password. The remaining participants created passwords of similar complexity or similar to those of other accounts they also have.
The study, while small in scale, is nonetheless more accurate in representing real-world user behaviour following a data breach. This is because it is based on actual browsing data and traffic rather than on survey responses from users, which may sometimes be inaccurate or subjective.
If you have been impacted by a data breach, access your account and update your password to protect your data. Be sure to create a new password that is complex, not easy to guess, and not similar to the passwords of other accounts you may have.