Following the news that 45 million accounts from home, tech and sport forums have been stolen after hackers infiltrated media company, VerticalScope, Jonathan Sander, VP of Product Strategy at Lieberman Software and Javvad Malik, Security Advocate at AlienVault commented below.
Jonathan Sander, VP of Product Strategy at Lieberman Software:
As more and more sites are breached and passwords are stolen, the hope is that users are getting the message that password use is not OK. If a bad guy gets access to their sports forum account, they probably are only in danger of angering the folks in their local clubhouse with fraudulent posts. If they used the same password at their bank as that sports forum, however, then maybe they’ll get kicked out of their club when they can’t pay their dues when their account is drained of all its funds.”
Javvad Malik, Security Advocate at AlienVault:
“The article throws up some commentary on the poor way passwords were held and that they were likely all in one big dataset… which unfortunately, indicates that most companies are still failing at the basics when it comes to security. Having segregated environments, strong password storage, and effective monitoring and detection controls to be alerted when a breach occurs should be the cornerstone of any online service offering.
When these types of breaches continually occur we see two prominent shifts. On one hand we see regulators get extremely twitchy and become closer to increasing regulation which means more fines for companies and more investment in security up front. On the other hand, customer trust becomes fragmented and lost across all online services. While this may not be visible in the traditional sense of how we view trust, i.e. people leaving a service – but they will be more likely to use fake information to populate profiles such as date of birth, address, or other personal details. The knock on effect is that a number of online entities will not get to know their user-base very well at all and could impact future product development.
From a victim perspective, the advice would be to change passwords on other sites which may have been using the same password as one of the forums and keep an eye out for unusual activity – turn on alerting and multi-factor authentication.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.