The biggest security breaches in 2012 are just as formidable as the ones from previous years. One thing that stands out is the ability of hackers to decipher passwords that weren’t properly encrypted. In this article, we’ll explore three of the biggest cases of data loss for the year, and how you can protect your information going forward.
Militarysingles.com Hack Exposes 160,000 Account Holders
A group of hackers claiming to be Lulz Security proudly took credit for hacking into the dating website militarysingles.com. The hackers posted the stolen data on public file sharing websites. The information included names, usernames, passwords, email addresses, and IP addresses of over 160,000 users.
ESingles, the company that owns the website, stated that there was no evidence that the site was actually hacked but promised to investigate the claim. In response, the hackers posted a “hacked by” page on the website and called the administrator stupid.
There seemed to be no question that the website was hacked, although it might have been difficult for the organization to admit it. To make things more confusing, the site claimed that it had only 140,000 users and that the passwords were encrypted. According to one blogger, that encryption wasn’t worth much and only took him seconds to figure out.
With so much confusion, there is not a lot that users of the site can do except change their passwords on militarysingles.com as well as on every other website they go to, just to be on the safe side.
Formspring Disables all User Passwords as Result of Security Breach
Formspring announced early in 2012 that it had 28 million users. In July of that same year, the company learned of a network intrusion. The company was tipped off by someone who found over 420,000 hashed passwords belonging to Formspring posted to a security forum.
The company responded by immediately disabling passwords for every user as a precaution. Users would be required to reset their passwords in order to log in. The company also stated that the passwords were protected with cryptography. However, according to CNET, the passwords were only hashed but not salted as the company claimed.
Some dissatisfied users requested that their accounts be deleted in the wake of this mess. The company tried to reassure them that their information was safe. Additionally, Formspring posted tutorials teaching users how to create safe and strong passwords, which serves as a helpful reminder for anyone using online sites of any kind.
Blizzard Hack Potentially Affected 14 Million Customers
Blizzard, an online entertainment outfit, reported that it got hacked within three days of the incident. The swift announcement is certainly commendable; the company was also very open about the attack, stressing the fact that it didn’t know for sure what information was accessed.
15 months after the incident, the investigation was finally over. According to the notice they sent out to customers and the information the company officially reported, the hackers were able to access email addresses, answers to security questions, and scrambled versions of passwords. Those affected were users of different websites including Battle.net and Activision.
The biggest problem with the security breach was the fact that Blizzard didn’t encrypt the answers to security questions. After all, this information may be used to log into other accounts without the right passwords. That’s because users generally choose answers they can remember which may reveal personal information about them. Answers to security questions can easily contain birthdates or maiden names and be abused by the hackers.
What You Need to Know about Passwords
When a site gets hacked, some user accounts will be compromised before others. That’s because some users will choose short or simple passwords that can easily be guessed. To keep your information safe, it’s important to be smart about passwords. Here are a few rules you and your company’s employees should live by when it comes to passwords:
- Never give anyone your password.
- Always use a mixture of letters, numbers, and special characters for your passwords.
- Aim for a password that’s at least eight characters long; longer is better.
- Use a unique password for each site you log into; don’t reuse passwords for other sites.
- Change your passwords regularly.
- Don’t reuse an old password.
How We Keep Your Information Safe
At eFileCabinet, we take cyber-security seriously. We keep your information safe by encrypting all of your documents; even if someone were able to intercept the connection, they wouldn’t be able to see or read any of your files.
Of course, we also recommend that you and your employees use strong passwords to protect your accounts. We encourage you to take advantage of our role-based user access because it allows you to limit the information your employees see. After all, it’s not necessary to give them access to sensitive documents unless they need those to do their job.
Last but not least, eFileCabinet provides you with an audit trail that allows you to verify the authenticity of your documents. Only administrators can view the audit trail, but nobody can change it. To learn more about how eFileCabinet works, we encourage you to fill out the form on this page to start your free 15-minute demo.