A database reportedly containing roughly 93.4 million Mexican voter registration records was discovered on an Amazon cloud server without any password protection and includes everything from home addresses to ID numbers, a security researcher has disclosed. Here to comment on this news is Brian Spector, CEO of Miracl.
Brian Spector, CEO, MIRACL:
“This must be one of the largest breaches ever recorded, with potentially serious consequences for all those affected. Given that we are also on the cusp of major elections in the US and UK, we all need to sit up and take notice – this kind of personal information is a key target for hackers because identity fraud is a billion dollar business.
It is still too early for more detailed analysis as we don’t have all the information, however the attack vectors commonly used to initialize attacks of this magnitude are to gain access by stealing employee or insider credentials. The credentials are still all too often simply user name and password. What the attacker knows: when a password, irrelevant of how complex the password may be, is successfully stolen, the attacker can get access to internal systems and work their way to sensitive information – and steal it all.
The underlying issue is that the username and password system is old technology that is not up to the standard required to secure the deep information and private services that we as individuals store and access online today. By contrast, new, secure methods of two-factor authentication can provide much stronger security, and make database hacks, password reuse, browser attacks and social engineering a thing of the past.”
[su_box title=”About Brian Spector” style=”noise” box_color=”#336588″][short_info id=”60907″ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.