Tuesday, 18 January 2011

Data Breaches Galore

Dan Goodin of El Reg has penned quite an interesting background article on a series of recent breaches that have exposed customer data. The breaches include McDonald's, Walgreens, and deviantART but there may be as many as 100 - and all seem to have a common thread. For details, see: Feds Probe '100 Site' Data Breach.

In an unrelated compromise, this past weekend Gawker Media reported a breach of their servers. In the Gawker incident (which covered Gawker, Lifehacker, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot), the attackers stole roughly 1.3 million usernames and passwords used to log in to those sites and published them online.

While the passwords were not stored in plaintext, the hashing scheme that protected them was weaker than it should have been. A weak hash combined with weak passwords allowed about a third of the list to be cracked within a few hours; an additional 200,000 were cracked shortly thereafter.

The ease with which this was done is particularly problematic for those who use the same username/password combination across multiple sites. And because the email address was stored along with the username and password for the Gawker accounts, if the same password was used for that email account it could be compromised as well.

Given the expanding risk that can result from a single compromise, it would be nice to see security standards adopted that require sites collecting email addresses to encrypt them at rest as well, and that require strong encryption for doing so.

In the meantime, you can protect yourself by:

- Establishing a junk email account that is used only for supplying an email address to site sign-ups that require one.
- Ensuring the same password is not used across multiple sites. Remembering dozens of passwords may seem complicated, but there are easy tricks you can use to simplify password management.
- Using strong passwords. Ideally, a password should be 14 characters or longer and mix letters (some in caps), digits, and symbols. This may seem difficult to remember, but there are tips you can follow to keep your passwords close at hand for easy recall while still keeping them safe from prying eyes.
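To make the mechanics behind the Gawker numbers concrete, here is an added example (my own code, not anything from the original post or from the sites it names) that simulates cracking a leaked password dump. It shows three things the post describes: an unsalted, fast hash lets a wordlist be precomputed once and matched against every user at lookup speed; a salted, deliberately slow KDF (PBKDF2 here) makes each guess expensive but still does not save a weak password; and a password cracked on one site walks straight into a second site where it was reused. The usernames, passwords, wordlist and "dumps" are all constructed for the demo, and the 14-character strength rule is the post's own rule of thumb, not a standard.

```python
# Added example, not code from the original post or from the sites it names.
# Every username, password, hash and "leaked dump" below is constructed for the demo.
import hashlib
import hmac
import os
import string

# Constructed stand-in for the dictionaries crackers actually use.
WORDLIST = ["123456", "password", "qwerty", "letmein", "monkey", "dragon", "lifehack1"]

# Constructed plaintexts, used only to build the demo dumps (a real cracker never sees these).
SITE_A_PLAINTEXT = {"alice": "123456", "bob": "letmein", "carol": "Tr0ub4dor&3_rain"}
SITE_B_PLAINTEXT = {"alice@example.com": "123456", "carol@example.com": "N0t-the5ame.pw!"}


def weak_hash(password: str) -> str:
    """Unsalted, fast hash: one guess costs one digest and the result is reusable for every user."""
    return hashlib.md5(password.encode()).hexdigest()


def strong_hash(password: str, salt: bytes, iterations: int) -> bytes:
    """Salted, deliberately slow KDF (PBKDF2-HMAC-SHA256 from the standard library)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def is_strong(password: str) -> bool:
    """The post's rule of thumb: 14+ characters mixing lower, upper, digits and symbols."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]
    return len(password) >= 14 and all(any(c in cls for c in password) for cls in classes)


def build_weak_dump(plaintexts: dict) -> dict:
    """What a site using an unsalted fast hash would leak: user -> hex digest."""
    return {user: weak_hash(pw) for user, pw in plaintexts.items()}


def build_strong_dump(plaintexts: dict, iterations: int) -> dict:
    """What a site using a salted slow KDF would leak: user -> (salt, digest)."""
    out = {}
    for user, pw in plaintexts.items():
        salt = os.urandom(16)  # per-user salt: no shared lookup table is possible
        out[user] = (salt, strong_hash(pw, salt, iterations))
    return out


def crack_weak(dump: dict, wordlist) -> dict:
    """Unsalted hashes: hash the wordlist once, then each user is a dictionary lookup."""
    table = {weak_hash(w): w for w in wordlist}
    return {user: table[h] for user, h in dump.items() if h in table}


def crack_strong(dump: dict, wordlist, iterations: int) -> dict:
    """Salted slow hashes: every (user, candidate) pair costs a full KDF run. Same hits, far slower."""
    found = {}
    for user, (salt, digest) in dump.items():
        for w in wordlist:
            if hmac.compare_digest(strong_hash(w, salt, iterations), digest):
                found[user] = w
                break
    return found


def spread_to_other_site(cracked: dict, other_dump: dict, email_domain: str = "@example.com") -> dict:
    """Credential reuse: try each password cracked on site A against the same person's site B hash."""
    hits = {}
    for user, pw in cracked.items():
        target = user + email_domain
        if target in other_dump and hmac.compare_digest(other_dump[target], weak_hash(pw)):
            hits[target] = pw
    return hits


if __name__ == "__main__":
    weak_dump = build_weak_dump(SITE_A_PLAINTEXT)
    cracked = crack_weak(weak_dump, WORDLIST)
    print("cracked on site A (unsalted md5):", cracked)
    print("accounts with a strong password:", [u for u, pw in SITE_A_PLAINTEXT.items() if is_strong(pw)])
    print("spread to site B via reuse:", spread_to_other_site(cracked, build_weak_dump(SITE_B_PLAINTEXT)))
    # The same weak passwords still fall to a slow KDF; the defender only raised the cost per guess.
    print("cracked with PBKDF2:", crack_strong(build_strong_dump(SITE_A_PLAINTEXT, 50_000), WORDLIST, 50_000))
```

Two things to take from running it: carol survives both cracks not because of the hash but because her password is not in any wordlist, and carol also chose a different password on site B, so even a cracked site A password would not have carried over. The KDF only changes the price of each guess, which is why the post's advice (unique, long passwords) matters regardless of how a site stores them.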

