April Showers Bring May… Breaches?

[Image: breach.jpg]

Photo Credit: Jeff Keyzer (http://www.flickr.com/photos/mightyohm/6882749323/)

Breach data from datalossdb.org

 

Selling your data is big business, and business is booming. In the past two months alone, over 200 million records have potentially been compromised.

 

In April, AOL was hacked, putting grandparents everywhere at risk. Bad joke, I know. Still, of the roughly 120 million records potentially compromised, quite a few probably belonged to active users.

 

In May, it was eBay and AVAST, together accounting for 145,400,000 personal records.

 

Throw in a couple of breaches from across the pond, Eircom (Ireland) and Orange (France), and that's another 1,650,000 records.

 

What’s next? Who knows, but I would bet the farm on another large breach every other month until the end of the year.

 

Every one of these breaches was the result of some sort of hack, but breached organizations aren't exactly forthcoming with the details. It's probably safe to assume there was a SQL injection here, a zero-day in a CMS there, and some social engineering and stolen credentials sprinkled in. Maybe it was a remote file inclusion, or a nation state targeting a competitor. Who knows; the point is that millions of personal records were exposed.

 

It would be nice to say breaches are 100% preventable, but that really isn't the case. The resale value of personal records makes them a juicy target for attackers with financial backing, manpower and time, and there simply aren't enough qualified security professionals to defend against the massive collective of for-profit hackers.

 

According to CNN's research, 47% of American adults have had their personal information exposed in a breach in the last 12 months. That said, we shouldn't resign ourselves to defeat. So…

 

As a Consumer, What Can You Do To Prevent/Protect?

  • Use strong passwords/passphrases.
    • Try using a passphrase instead of a password. A string of several unrelated, randomly chosen words is far harder to predict or crack than a single word with a few substitutions, for example:

[Image: comic.png]

  • Do not use the same password on multiple sites. If one site is breached and your password is stolen, attackers will try it against your accounts on other sites.
  • If you can't remember a different password for every site, use a password manager to do it for you.
  • Clear your cookies and saved passwords regularly for sites that handle purchases.
  • Use a credit card rather than a debit card; credit cards come with more protection and insurance options if the number is stolen.
  • Demand that service providers take security seriously. Choose services that publish a clearly stated security policy on their website. Vote with your dollars.
  • Do not click on links in emails that ask you to update anything or enter a password. If such an email makes it into your inbox (meaning it passed your spam filter) and you are unsure whether it is a phishing attempt, go to the legitimate site by typing its web address or via Google, rather than clicking the link in the email, and check the relevant information there. If you are still unsure, call the helpline number listed on the legitimate website.
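To put numbers on the passphrase advice above, here is an added example (not part of the original post and not HP code) that generates a passphrase with Python's `secrets` module and compares its entropy, and the worst-case time to brute-force it, with that of a conventional 8-character alphanumeric password. The 16-word list in the script is a constructed stand-in; the entropy figures assume a real list of 7,776 words (the size of a standard diceware list) and an attacker guess rate of 10 billion per second against a fast hash. Both are assumptions, marked as such in the code.

```python
import math
import secrets

# Constructed demo wordlist (16 entries) so the script runs offline.
# A real passphrase list such as diceware has 7,776 words; the entropy
# figures below assume that size, not this tiny list.
DEMO_WORDS = [
    "anchor", "basket", "cobalt", "dragon", "ember", "falcon", "garnet", "harbor",
    "island", "jungle", "kettle", "lantern", "meadow", "nickel", "orchid", "pepper",
]
DICEWARE_LIST_SIZE = 7776            # assumption: a standard 7,776-word list
ALNUM_ALPHABET_SIZE = 62             # a-z, A-Z, 0-9
GUESSES_PER_SECOND = 10_000_000_000  # assumption: offline cracking of a fast hash


def bits_of_entropy(symbols: int, choices_per_symbol: int) -> float:
    """Entropy in bits of a secret built from `symbols` independent, uniformly
    random picks out of `choices_per_symbol` options (words or characters)."""
    return symbols * math.log2(choices_per_symbol)


def years_to_exhaust(bits: float, guesses_per_second: float = GUESSES_PER_SECOND) -> float:
    """Worst-case years to try every possible secret at the given guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


def generate_passphrase(word_count: int, words=DEMO_WORDS) -> str:
    """Pick words with secrets.choice, a CSPRNG. random.choice is not suitable
    for secrets: its output is predictable once an attacker sees a few draws."""
    return " ".join(secrets.choice(words) for _ in range(word_count))


def compare(word_count: int = 5, password_length: int = 8) -> dict:
    """Entropy and brute-force years for a random passphrase versus a random
    alphanumeric password. Human-chosen passwords have far less entropy than
    the uniform-random figure computed here, so this flatters the password."""
    pp_bits = bits_of_entropy(word_count, DICEWARE_LIST_SIZE)
    pw_bits = bits_of_entropy(password_length, ALNUM_ALPHABET_SIZE)
    return {
        "passphrase_bits": round(pp_bits, 1),
        "password_bits": round(pw_bits, 1),
        "passphrase_years": years_to_exhaust(pp_bits),
        "password_years": years_to_exhaust(pw_bits),
    }


if __name__ == "__main__":
    print("sample passphrase:", generate_passphrase(5))
    for name, value in compare().items():
        print(f"{name}: {value:,.4f}")
```

Under these assumptions a five-word passphrase carries about 64.6 bits of entropy and would take roughly 90 years to exhaust, while a truly random 8-character alphanumeric password carries about 47.6 bits and falls in around six hours. The passphrase's strength comes from the size of the list and the random selection, not from keeping the list secret; an attacker who knows the exact wordlist still faces the full 7776^5 search space.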

 

What Can You Do Post-Hack?

  • If you are affected by a breach, change your passwords and be vigilant in monitoring any accounts that may be affected.
  • If a service you subscribe to has been hacked, take advantage of any free credit monitoring the service offers afterwards.
  • If you notice signs of fraud or identity theft, immediately start the FTC's recommended steps.

  

As always, feel free to reach out to us here at Fortify on Demand with any questions via Twitter (@hpappsecurity) or via email (fodsales(at)hp.com). We'd love to hear your questions or comments about data breaches, identity theft management, and how they affect you.

 

---------

About HP Fortify on Demand

HP Fortify on Demand is a cloud-based application security testing solution. We perform multiple types of manual and automated security testing, including web assessments, mobile application assessments, thick client testing, ERP testing, and more. We do this both statically and dynamically, both in the cloud and on premises.

                       
