If you have investments saved in a Charles Schwab account, keep an eye out for contact from the bank soon. A recent data breach has seen unauthorized login activity on several accounts, but the interesting part is, it’s not Charles Schwab that suffered the breach.

In recent days, SC Magazine reports, the company noticed unusual activity on several accounts. However, an investigation has shown that Charles Schwab itself was not attacked, and instead the usernames and passwords were obtained through other means.

In response, Charles Schwab has restricted online access for any impacted members until they can speak with the company and change their account information, in addition to monitoring the account for any suspicious activity. Clients should expect a call from a representative soon, if they haven’t been contacted already.

Password Security

The good news is: the company is fairly certain that the client information was not actually viewed, but rather accessed by an automated program to see if it worked. The program, the company believes, was used “to test large numbers of login credentials against many different accounts, both at Schwab and likely at other financial institutions.” Additionally, only a few people were affected, so the odds of being impacted by this are small.

However, this demonstrates exactly what can happen when people use the same password across multiple websites and accounts. When one password is stolen, any and all accounts connected to the same email address are also at risk, especially if they use the same or similar passwords.

Several security experts agree in a Cnet article, stating:

“If you follow one of the most important commandments of passwords, you know that you absolutely must have a unique password for every service you use. The logic is simple: if you recycle the same password (or a variation of it), and a hacker cracks one account, he or she will be able to access the rest of your accounts.”

Such is the case now, demonstrating exactly how using an identical password on multiple accounts can backfire. Once one is compromised, the rest absolutely must be changed to avoid this exact situation. The affected Charles Schwab clients played it loose with password security, and now they have to act fast before it comes to haunt them.

Photo by JeepersMedia