Data Breaches And Concerns Over Password Storing Methods

Data Breach Concerns

Data breaches have been plentiful over the past few years, and companies have lost millions of dollars and the faith of their users. However, the biggest in history may have just been discovered. Yahoo recently announced that they underwent a major data breach that will have some serious implications.

It is believed that the attack occurred sometime in 2013, and it is said that over 1 billion user accounts were compromised. It is believed the hackers used forged cookies to get into accounts without a password.

It’s the largest breach on record, another 1 billion accounts compromised — according to reports, “names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers” were stolen.

This was the description of the hack from one of the leaders in the space of data breaches and information security, Kevin O’Brien. O’Brien is the founder and CEO of GreatHorn, a company that helps businesses secure and protect their most sensitive information. He spoke to CloudTweaks about the most recent Yahoo breach.

In his response to the massive breach, O’Brien also said he was very surprised to find out what kind of protection Yahoo was using: “It's surprising that Yahoo was storing passwords with MD5 hashing as their primary mechanism of protection. It's not an encryption algorithm, and was very visibly exploited back in the summer of 2012 when the Flamer malware tool took advantage of the fact that Microsoft's certificate signing tools for some version of TS relied on MD5 — meaning that it was trivial to make the malware look like it was officially from Microsoft…”

The fact that this protection mechanism had already been taken advantage of and was still being used by Yahoo is concerning. Also, MD5 hashes can easily be looked up online to recover the passwords. It is shocking that a company the size of Yahoo still had security measures in place that were known to be largely insecure.
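The storage weakness described above, as an added example that is not from the article or from Yahoo's systems: unsalted MD5 gives every user with the same password the same digest, which is what makes lookups possible, while a salted scrypt record does not. The sketch goes one step beyond the text by upgrading legacy records at login; the record format, cost parameters and sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed values for this example; tune for your hardware)
N, R, P, MAXMEM = 2**14, 8, 1, 64 * 1024 * 1024


def legacy_md5(password: str) -> str:
    """Unsalted MD5 hex digest, the kind of storage the article describes."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str) -> str:
    """Return a self-describing record: scheme$salt$derived-key (assumed format)."""
    salt = os.urandom(16)  # fresh random salt per record
    key = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, maxmem=MAXMEM)
    return f"scrypt${salt.hex()}${key.hex()}"


def verify(password: str, record: str) -> bool:
    """Check a password against either a scrypt record or a legacy MD5 digest."""
    if record.startswith("scrypt$"):
        _, salt_hex, key_hex = record.split("$")
        key = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                             n=N, r=R, p=P, maxmem=MAXMEM)
        return hmac.compare_digest(key, bytes.fromhex(key_hex))
    return hmac.compare_digest(legacy_md5(password), record)


def login(db: dict, user: str, password: str) -> bool:
    """Verify a login and replace a legacy MD5 record once the password is known."""
    record = db.get(user)
    if record is None or not verify(password, record):
        return False
    if not record.startswith("scrypt$"):
        db[user] = hash_password(password)  # rehash-on-login migration
    return True


# Constructed sample records: two users who chose the same password.
db = {"alice": legacy_md5("pikachu123"), "bob": legacy_md5("pikachu123")}
same_before = db["alice"] == db["bob"]   # identical digests under unsalted MD5
login(db, "alice", "pikachu123")
login(db, "bob", "pikachu123")
same_after = db["alice"] == db["bob"]    # distinct records after the upgrade
```

Records that never see another login stay as MD5 under this scheme, so a real migration also needs a plan for dormant accounts.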

Unfortunately, Yahoo has also announced that the attack might have gone even deeper than just accounts having their emails, names and other information compromised. The source code of Yahoo has been accessed, and this is a big concern for O’Brien as it could have some major implications.

“Secondly, Yahoo also announced that their source code had been illicitly accessed — also a huge issue, and potentially even more concerning than an email password breach, because the downstream impact may be that multiple parts of the Yahoo technology stack will be (or have already been) compromised.”

This is just the most recent breach in the company’s long list of problems with security. Back in 2014, 500 million accounts were compromised and this wasn’t announced until only a few months ago.

Yahoo has also claimed that they do not know who is responsible for the hack, and given that it took place years ago, they may never find out. A person’s data and personal information are some of the most important things they own. Companies need to ensure that security is their number one priority, but too many times we see companies pinch pennies on security costs and end up getting hacked and losing much more than they would have spent to just protect the information in the first place.

Unfortunately, cyber-crime is seemingly always on the rise and it is only a matter of time before more data breaches occur, with potentially even more compromised accounts than this. Companies need to start taking infosec more seriously because until that happens, these massive data breaches will continue to occur.

By Kale Havervold
