While there are plenty of companies you can do business with, not one of them is exempt from being hacked. The truth is that most security breaches and data losses are the result of hacking. Fortunately, there are some things that companies and customers can do to protect their information. This article explores three cases that involved large data losses due to hacks and offers some suggestions on how to safeguard your information from security threats.
24 Million Zappos Customer Accounts Hacked
Zappos, a company that prides itself on great customer service, was the victim of hackers early in 2012. 24 million customer accounts were affected. The hackers were able to access names, addresses, phone numbers, email addresses, encrypted passwords, and the last four digits of the customer’s credit card on file.
The incident was devastating for chief executive Tony Hsieh. After the company spent 12 years building up a reputation and earning customers’ trust, the security breach may present a serious setback. Zappos, now owned by Amazon, instructed all employees to assist in responding to customers who inquire about the breach.
Zappos requires its customers to reset their passwords. But experts caution that customers should change their passwords on other sites, too, just in case the hackers are able to decipher the encryption.
Dropbox Gets Hacked and Users Get Spammed
While hackers tend to spend a lot of time and effort gaining access to secured websites, sometimes they don’t have to work that hard. In the case of the 2012 Dropbox hack, there were several things the company could have done differently to prevent the hack.
When many Dropbox users reported receiving spam emails, an investigation was started. Dropbox confirmed that its users were experiencing an onslaught of spam. But what was ultimately revealed about the hacks is even more concerning: the spam attacks were traced to an internal problem.
A Dropbox employee was using the same password on a corporate site as on their Dropbox account. By hacking the corporate site (it’s unclear which site), the hackers were able to access the document the employee was working on. That particular document contained user email addresses, which were then spammed.
This is certainly a situation where customer information should never have been compromised in the first place. After all, that Dropbox employee could have simply used dummy data and avoided the entire situation.
To make things worse, Dropbox sent out emails to its customers urging them to reset their passwords using a link contained in the email. That is exactly the type of email consumers should be leery of: phishing emails do the same thing, and it’s virtually impossible to distinguish a real email from a fraudulent one that is seeking more information.
In response to the hack, Dropbox added security features to prevent similar problems in the future. In the meantime, its customers were left with numerous spam emails in their inboxes.
Cyber Security Firm Hacked
A cyber security firm called Hacking Team unexpectedly became the victim of hackers. The company is based in Italy and offers security services to law enforcement and national security organizations. But hackers revealed a much darker picture of the company with the 400 GB of data that they accessed and published in the summer of 2015.
The hackers posted document after document on the company’s Twitter feed showing how Hacking Team has been working with numerous repressive governments. One such tweet showed that Hacking Team had been negotiating with a third-party reseller to export its malware to Nigeria. If the leaked documents are genuine, they show that Hacking Team’s clients include governments and security services of Azerbaijan, Kazakhstan, Uzbekistan, Russia, Bahrain, and Saudi Arabia.
In this case, the hackers may have done the public a service by revealing that profits come before ethics for organizations like Hacking Team. Now law enforcement officials will have a chance to investigate the company further.
The Importance of Strong User Passwords
The Zappos and Dropbox hacks demonstrate the importance of strong user passwords. As we have discovered, it’s impossible to prevent cyberattacks by hackers. However, companies have a good chance of minimizing data loss by using proper encryption in addition to strong user passwords.
The biggest problem is that stolen passwords can be used to do damage elsewhere. After all, many people use the same password over and over again for every online login. For example, if hackers get hold of your Dropbox or Zappos account password, they can use that password to log in to your bank, email, corporate login, and everywhere else.
How eFileCabinet Keeps Your Information Safe
At eFileCabinet, we take cyber security seriously. We encrypt all of the information you store with us as well as the password you use to log in. Additionally, we help you set up user-based account access for your employees to reduce the chances of unauthorized access.