We've got a new guest editor today, Mr. Josh Crawford:
Today is Data Privacy Day, the perfect time to rejoice in the attempt by the EU and USA to promote “privacy awareness and education among teens and young adults, focusing on the privacy issues raised by the use of social networking sites” and other types of technology which can share personal information over the internet, with a particular focus on those irritating necessities: passwords.
We here at Data Grub are ecstatic with the news that this most auspicious of occasions has arrived with the millions of people across our two great continents writhing in a frothy mass of pure ecstasy. So finally, this day of data will commence.
But it seems that this day of data celebration will be tainted with the news that RockYou, the online provider of social networking applications for Facebook, MySpace and others, was recently involved in a ruckus with a hacker.
Security firm Imperva uncovered the breach after peering at underground hacking forums; that RockYou was being attacked by a common type of exploit known as a SQL injection flaw. Hackers around the world violated that hole and invited their friends to have a go too. RockYou must have felt pretty sore in the morning.
Apparently the hacker, during a smash and grab attack, violated RockYou’s Database and stole 32 million online passwords. This has given the experts an insight into the kinds of passwords we use. Being the smart and social animals we are, it just so happens that 123456 is the worlds’ most popular password. Amichai Shulman, CTO at Imperva, said, “I guess it’s just a genetic flaw in humans.” Wives and girlfriends of the world: if your fella's favourite football team doesn’t work - maybe you're being just a little too clever. You might find that QWERTY unlocks that treasure trove of porn on his laptop...
Two days before Data Day was to start, the Information Commissioner’s Office warned that “organisations could face tougher sanctions if they fail to report data security breaches,” considering that there have been more than 800 incidents of reported security breaches last year. The sheer number of stunningly unimaginative passwords uncovered by RockYou's hacker suggests that there may well be a further slew of security breaches in the coming months.
Jeff Moss, who is on the USA’s Homeland Security Advisory Council said in response to the RockYou breach that we should rely on complex passwords, ideally around 12 characters long. “It’s like that joke where the hikers run into a bear in the forest, and the hiker who survives is the one that outruns his buddy,” said Moss, pausing awkwardly for an expected laugh which never materialised.
It looks like the RockYou story has a bit further to run - last month enraged citizen Alan Claridge from Indiana, USA, filed a class action suit against the company after they belatedly informed him - some 10 to 12 days after the attack - that his sensitive, personally identifiable information, including e-mail address and password, may have been compromised.
They had kept all the personal identifiable information in plaintext on an unencrypted database that, according to CNET, even a hacker with the most basic skills could’ve exploited.
With the ICO gaining new powers this April to issue fines of up to £500,000 for serious Data breaches, we at Data Grub can only hope that businesses, organisations and private citizens start treating data privacy at least somewhat seriously - starting with passwords.
Shaving — What’s The Best This Man Can Get?
6 years ago