Monday, November 2, 2015

I'll give you $2.00 for all your passwords.

So....

I still use Amazon Mechanical Turk for occasional quick-cash surveys.  I'm to the point where I plan to spend the next 500 Turk Hits towards actual "impulse purchases" instead of thinking I can make money off of it.

Well, as you complete more and more HITS, a wider array of tasks become available to you.

Tonight, I filtered tasks by sorting the newest and highest paying first.  And this one appeared near the bottom of the first page:




Do you see that?!?! Okay, you want to pay me $2.00 USD for all my "old" passwords? For "research".... I read a study earlier this year stating Americans over 30 will use the same passwords over and over again , regardless of usability or password strength.

So, if you collect 20 passwords from an individual, then track their Amazon Mechanical Turk activity (including the IP Address the HIT is submitted from), you can easily hack into a user's system, apps, or accounts.

Surely, people aren't that dumb, right?