Any company that conducts business primarily on the web is vulnerable to data loss and security breaches by hackers. But what can hackers really do with the data, and how can organizations safeguard against cyberattacks? In this article, we’ll turn to recent cases to explore cyber security and establish how to enforce it.
8 Million Passwords Cracked for Users of LinkedIn and eHarmony
Cracking passwords is not easy. Algorithms called cryptographic hashes are what keep your passwords safe—they take the data you input and turn it into a fixed-size “hash” or “digest” that makes it very difficult to recover the original data or message from the hash.
Depending on how a password is hashed, it can take months to decipher. That’s why hackers are attacking the problem in large groups. In June 2012, an unknown hacker posted more than 8 million cryptographic hashes to the Internet.
The passwords seem to belong to LinkedIn and eHarmony users. And since it’s so time-consuming to crack all of them, underground hacker forum members are tackling the problem together. When several different people are working on it, it can take just a few days or even a few hours to crack the code.
While it’s not clear if the hackers obtained every user’s password, LinkedIn recommended that users change their password. eHarmony users are advised to do the same. Additionally, if customers use the same password with other services, it makes sense to change the passwords there as well.
6 Million Facebook Users Shared Phone Numbers and Email Addresses
On June 21, 2013, Facebook released the following statement: “Even with a strong team, no company can ensure 100% prevention of bugs.” That’s why Facebook instituted the White Hat Program. The White Hat Program allows external researchers to report bugs and collect a financial reward for doing so.
In 2013, someone received the bug bounty for reporting a bug that affected about 6 million Facebook users. The bug caused contact information to be downloaded as part of a Download Your Information (DYI) tool. Fortunately, this security breach isn’t as serious as it sounds because the downloaded information included the phone numbers and email addresses of people the data recipients were already friends with on Facebook.
Nevertheless, while Facebook uses complicated algorithms to recommend friends, content, and many other things, there is no intention to share additional information with its customers. Fortunately, the bug was disabled before more people were affected.
eBay Hack Compromised 150 Million Accounts
In May of 2014, eBay had to give its customers some really bad news: it had been hacked. What’s worse, while the hack occurred between March and April, eBay didn’t find out about it until May. Hackers were able to access 150 million user accounts after compromising an employee’s login credentials.
The data that was accessed included email addresses, addresses, phone numbers, birthdates, and encrypted passwords.
The eBay hack is another indication that users need to become more vigilant about the passwords they choose. If users have the same password on eBay as on other sites, then hackers might attempt to gain access to many different logins.
Protecting Your Information
As you learn about the biggest recent security breaches affecting organizations that do business on the web, it’s easy to see that you need to protect your information. As Facebook observed, ensuring 100% protection from bugs or hacks is simply not possible. Fortunately, there are steps that can be taken to reduce the likelihood of a security breach and to minimize the damage if a security breach does occur.
Use Proper Encryption Methods
Using outdated MD5 hashing for passwords is not secure enough. It doesn’t take hackers long to figure out how to decipher them. Companies must keep up with web-related changes and embrace the best, most secure methods to encrypt information of all types.
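To make the difference concrete, here is an added example (not eFileCabinet's code) that puts unsalted MD5 beside a salted, deliberately slow key-derivation function, PBKDF2-HMAC-SHA256 from Python's standard library. The function names, iteration count, salt size and sample users are assumptions of this example.

```python
import hashlib
import hmac
import os

# Assumed work factor for this example; raise it as hardware gets faster.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def weak_md5(password: str) -> str:
    """Outdated: a single fast, unsalted MD5 digest.

    Equal passwords always give equal digests, so one precomputed
    lookup or one guess exposes every account that shares the password.
    """
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def _derive(password: str, salt: bytes) -> bytes:
    # Slow by design: each guess costs PBKDF2_ITERATIONS HMAC rounds.
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )


def hash_password(password: str) -> tuple[bytes, bytes]:
    """Return (salt, key); store both next to the user record."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt per password
    return salt, _derive(password, salt)


def verify_password(password: str, salt: bytes, stored_key: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(_derive(password, salt), stored_key)


if __name__ == "__main__":
    # Constructed sample data: two users who picked the same password.
    users = {"alice": "Summer2012!", "bob": "Summer2012!"}
    for name, pw in users.items():
        salt, key = hash_password(pw)
        print(name, "md5:", weak_md5(pw), "pbkdf2:", key.hex()[:16], "...")
```

Run as a script, both users show the same MD5 digest but different PBKDF2 keys, because each stored record has its own salt.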
Encourage Proper Password Usage
It’s important to encourage everyone to use good passwords. It’s also smart to use a unique password for each site to avoid compromising every login when one company becomes the victim of hackers. Additionally, users should choose a long password with a good mixture of letters, numbers, and special characters. Last but not least, it’s a good idea to change passwords regularly.
Keeping Your Information Secure
At eFileCabinet, we take cyber security seriously. All of your information is encrypted with us, not just your passwords. That means even if hackers were able to get in, they would still have a long way to go before they could possibly use any of the information they find.
Of course we still encourage you and your employees to use safe passwords and change them often. And we also offer you the ability to set up role-based user access to limit the amount of information your employees can access.