Up to 432 million. That’s the number of hacked accounts in the United States during the last 12 months. That translates to hackers getting their hands on the personal identifying information of 110 million Americans. And that translates to about half of U.S. adults falling victim to cybercrime.
These data points come from a survey CNN Money commissioned. Ponemon Institute researchers drew those conclusions based on public information about data breaches. Even still, the actual number may be even greater because, CNN Money noted, all companies aren’t forthcoming with details about data breaches. CNN Money pointed to AOL and eBay as examples of companies that don’t fully disclose breach stats.
Nevertheless, the Identity Theft Resource Center and CNNMoney’s internal review of corporate disclosures are offering what staff reporter Jose Pagliery calls mind-boggling numbers. Those numbers include massive data breaches from Target (70 million) and smaller data breaches from Adobe (33 million), Snapchat (4.6 million), Michaels (3 million), Neiman Marcus (1.1 million). To Pagliery’s point, we don’t know how many of AOL’s 120 million or how many of eBay’s 148 million account holders were impacted in recent breaches.
Why Is This Happening?
“First, we're increasingly moving our lives online. Shopping, banking and socializing are now chiefly endeavors for many people. Stores rely on the Internet to conduct and process all transactions. As a result, your data is everywhere: on your phone, laptop, work PC, Web site servers and countless retailers' computer networks,” Pagliery said. "Second, hacks are getting more sophisticated. Offensive hacking weapons are numerous and cheap. And hackers have learned to quietly roam inside corporate networks for years before setting off any alarms.”
The article also pointed out end-of-life issues associated with Windows XP. Microsoft for months urged consumers to upgrade or risk a security breach but many are still using the outdated operating system. The Heartbleed bug also made headlines for weeks. Heartbleed is going to go down in history as one of the worst bugs ever. It could give hackers access to user passwords and even trick people into using fake versions of popular Web sites.
Getting Back to Basics
We caught up with Jon Rudolph, a senior engineer at security firm Core Security, to get his take on the report. He told us he’s seeing the effects of trading impermeable security for the convenience of paying bills from our phones in a cafe.
“Another part of this trend is the arrival of two big audiences,” Rudolph said. “On the one hand you have more users and accounts than ever -- and on the other you have more hackers using better tools and taking advantage of human mistakes in security.”
Rudolph said the latter can happen when a user selects a weak password or uses it in several places. Security experts are constantly warning users how to create strong passwords and why they should not use the same passwords on multiple sites. The second reason, though, is not the end user’s fault. The second reason is when a company is the target of an attack.
“As a result, users and security professionals need to focus not on limiting the risk of a compromise and making it easier for the company and the user to recover from,” he concluded. “By using two-factor authentication or a password manager, users can take action to limit risk in the event that one of their sites are compromised.”
Posted: 2014-05-29 @ 10:04pm PT
eBay claims to be a “technology” company—LOL!
“Correction: May 21, 2014
“Because of erroneous information provided by a spokeswoman for the company, a previous version of this article misstated when eBay learned of an attack on its computers. EBay became aware of the breach in early May, and it was discovered that it had first occurred in late February; eBay did not discover the breach in February.”
Pray tell, why did it take so long for eBay to “become aware” of the breach?
Apart from the AGM, and the furious bailing required to keep the rusting old scow afloat, what else has been going on at eBay between late February and May?
I suppose we just have to accept that there is little intelligent life on planet eBay at or below the executive suite level. Most of the communications (both voice and certainly email) users have with eBay are undoubtedly with computer algorithms, and pretty dumb ones at that; so, one has to presume that even any regular algorithmic analysis by eBay of their communications activity logs is woeful, and also that anyone of any intelligence only glances at these logs rarely; frankly, I suspect that we are lucky that eBay has even noticed that they have been hacked, for how do they know that they have been hacked if not from such logs and, if there is a log of such hacking, why did they not notice it immediately and notify stakeholders promptly? And that’s a rhetorical question, no need to offer an answer …
And these turkeys claim to be running a “technology” company—LOL! …
eBay Inc, where the incompetent mingle with the malevolent and the criminal ...
“We hang petty thieves and appoint the bigger thieves to public office.”—Aesop, Greek slave & fable author.
[Hmmm, that could explain how eBay’s Johnny Ho got appointed to the President’s Export Council, and previously to the White House Council for Community Solutions]
Ho, Ho, Ho, it's long past time for you to go ...