If one of your many usernames and passwords hasn’t been hacked lately, consider yourself lucky. Just this week, two more companies — Yahoo and the social question-and-answer site Formspring — announced major security breaches.
The New York Times reported that 450,000 Yahoo accounts were compromised and, according to CNET, Formspring had more than 420,000 hashed passwords posted online. That’s more than 870,000 passwords released in a span of a couple of days as the result of two completely different breaches.
In response to the news that a group of seven hackers were responsible for the Yahoo breach, CNN Money’s David Goldman was quick to warn his readers:
“If it wasn’t clear before, it certainly is now: Your username and password are almost impossible to keep safe.”
We hear you, David. It’s obvious that hackers don’t discriminate: everyone from startups like Formspring to Fortune 500 companies like Yahoo is a target. “P@ssword123” is simply not good enough when it comes to protecting sensitive data – and it is the companies’ responsibility to provide users with more. We’ve said it before and we’ll say it again: these security safeguards just aren’t cutting it anymore. It’s time for companies to think beyond the basic username and password combo.
Security Breach Timeline
- JULY 12, 2012: Yahoo confirmed that more than 400,000 users had their account information compromised. Gmail, AOL and Hotmail accounts affected as well.
- JULY 10, 2012: 420,000 hashed Formspring passwords were publicly posted to a third-party security forum.
- JUNE 5, 2012: Cloudflare’s customer accounts are breached via their CEO’s personal Gmail account.
- APRIL 24, 2012: Nissan announced a security breach earlier this year.
- FEBRUARY 13, 2012: Microsoft’s online store in India hacked, user information compromised.
- FEBRUARY 11, 2012: U.K.-based TicketWeb direct marketing system hacked, sends phishing emails to customers.
- JANUARY 15, 2012: Hackers access personal information from unknown number of Zappos’ 24 million users.
- JANUARY 5, 2012: 45,000 Facebook passwords compromised, mostly in the U.K. and France.
- DECEMBER 14, 2011: China-backed hackers break into iBahn network, potentially accessing millions of confidential emails.
- NOVEMBER 30, 2011: Duqu authors likely behind extensive C&C infrastructure wipe-outs.
- NOVEMBER 10, 2011: Valve’s Steam server hacked.
- JUNE 24, 2011: Electronic Arts’ BioWare server hacked.
- JUNE 20, 2011: Sega hacked – 1.3 million users had sensitive information stolen.
- JUNE 20, 2011: Dropbox files left open due to bug.
- MAY 16, 2011: LastPass database stolen.
- MAY 10, 2011: Citigroup hack exposed the data of 360,000 accounts, millions stolen.
- APRIL 27, 2011: Sony PlayStation Network hacked.
- MARCH 30, 2011: Epsilon (email communications manager) had the email database for 26 companies, including Citi, Walgreens and BestBuy, stolen.