Last week, Ars Technica’s Dan Goodin published a story detailing how downloaded Android applications have the potential to expose the sensitive personal data of more than 185 million users. Vulnerabilities due to inadequate or incorrect use of SSL/TLS protocol libraries expose everything from online banking and social networking credentials to e-mail and instant-messaging contents. A group of computer scientists identified 41 applications in Google's Play Market that could leak data from an Android phone connected to webservers for banks and other online services.
In addition to the research paper that sparked the article, there was another body of research out of Stanford University and the University of Texas, which exposed additional security issues with Android apps as well as a plethora of other popular web applications, services, electronic banking sites, and more. Again, the security issues stem from the incorrect or inadequate use of SSL/TLS libraries within the applications.
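To make concrete what "incorrect or inadequate use of SSL/TLS libraries" looks like in an Android or other Java client, here is an added example. It is not code from either research paper, from the Ars Technica story or from this post. It shows the two misuse patterns most commonly reported in such apps, a custom trust manager that accepts any certificate chain and a hostname verifier that accepts any name, next to the hardened form, which simply leaves the platform defaults in place. The class and method names and the `bank.example` host are illustrative, and the empty certificate array standing in for a forged chain is constructed input.

```java
import java.io.IOException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Illustrative class; not from any of the cited papers or apps.
public class TlsMisuseExample {

    // VULNERABLE: a trust manager whose checkServerTrusted never throws.
    // Every certificate, self-signed or otherwise, is "trusted", so anyone on
    // the network path can terminate the TLS connection and read the banking
    // or login traffic in the clear.
    static X509TrustManager trustAllManager() {
        return new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType) { }
            public void checkServerTrusted(X509Certificate[] chain, String authType) { }
            public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        };
    }

    // VULNERABLE: the second common pattern. Even if chain validation were
    // intact, a verifier that always returns true lets a certificate that was
    // legitimately issued to attacker.example pass for a connection to bank.example.
    static HttpsURLConnection openInsecure(URL url) throws IOException, GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { trustAllManager() }, null);
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        conn.setHostnameVerifier(new HostnameVerifier() {
            public boolean verify(String hostname, SSLSession session) { return true; }
        });
        return conn;
    }

    // HARDENED: override nothing. HttpsURLConnection's defaults validate the
    // chain against the platform trust store and check that the certificate's
    // names match the requested host. Fixing the broken apps is mostly a matter
    // of deleting the overrides above, not adding code.
    static HttpsURLConnection openSecure(URL url) throws IOException {
        return (HttpsURLConnection) url.openConnection();
    }

    // Offline demonstration: hand the same bogus chain to both trust managers.
    // An empty array stands in for an attacker's forged chain (constructed input).
    public static void main(String[] args) throws Exception {
        X509Certificate[] forged = new X509Certificate[0];

        trustAllManager().checkServerTrusted(forged, "RSA");  // returns silently
        System.out.println("trust-all manager: accepted the forged chain");

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);  // load the platform's default trust store
        X509TrustManager platform = (X509TrustManager) tmf.getTrustManagers()[0];
        try {
            platform.checkServerTrusted(forged, "RSA");
            System.out.println("platform manager: accepted the forged chain (unexpected)");
        } catch (Exception e) {
            System.out.println("platform manager: rejected it (" + e.getClass().getSimpleName() + ")");
        }

        // openConnection() does not contact the host, so this stays offline;
        // bank.example is a placeholder name.
        URL url = new URL("https://bank.example/");
        System.out.println("insecure verifier accepts any host? "
            + openInsecure(url).getHostnameVerifier().verify("bank.example", null));
        HttpsURLConnection safe = openSecure(url);
        System.out.println("hardened connection uses default verifier: "
            + (safe.getHostnameVerifier() == HttpsURLConnection.getDefaultHostnameVerifier()));
    }
}
```

The check a reviewer should run over an app's source is therefore simple: any class implementing `X509TrustManager` whose `checkServerTrusted` body is empty, or any `HostnameVerifier` that returns `true` unconditionally, is a finding regardless of how the rest of the TLS setup looks.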
If one of your many usernames and passwords hasn’t been hacked lately, consider yourself lucky. Just this week, two more companies — Yahoo and the social question-and-answer site Formspring — announced major security breaches.
The New York Times reported that 450,000 Yahoo accounts were compromised, and according to CNET, Formspring had more than 420,000 hashed passwords posted online. That's more than 870,000 passwords released in the span of a couple of days as the result of two completely different breaches.
In response to the news that a group of seven hackers were responsible for the Yahoo breach, CNN Money’s David Goldman was quick to warn his readers:
“If it wasn't clear before, it certainly is now: Your username and password are almost impossible to keep safe.”
Computerworld's Jaikumar Vijayan reported today on the Utah Department of Health security breach that exposed approximately 280,000 Social Security numbers. His story highlights a point we've written about many times in the past: weak, easy-to-guess passwords are perhaps the biggest threat to IT security. According to Vijayan:
“ … the hackers -- believed to be from Eastern Europe -- exploited a configuration error at the authentication layer of the server hosting the compromised data, according to Utah IT officials.
News filtered out earlier this week about two recent security breaches. TechCrunch reported on an attack on Microsoft's online store in India, which exposed user information including email addresses, order histories and postal addresses (but not credit card numbers). And over the weekend, U.K.-based TicketWeb suffered a breach of its own after its direct marketing system was hacked and used to send phishing emails to TicketWeb's own customers.
2012 is still pretty young, but we’re two breaches closer to Okta CEO Todd McKinnon’s prediction that one billion people will have their data stolen this year.
Before last week, chances are you had never heard of iBahn, a Salt Lake City-based company that provides Internet services to hotel chains such as Marriott International Inc. Last week, however, the company suffered a disconcerting security breach at the hands of Chinese hackers that potentially exposed millions of sensitive corporate emails.
A recent Businessweek article by Michael Riley and John Walcott outlines the attack: China-backed hackers broke into the iBahn network, potentially gaining access to millions of emails, including encrypted ones containing sensitive business information.
It’s happened – again. A major gaming network has been hacked, compromising millions of users’ information.
Last night, Steam – Valve's online gaming service – announced that its database had been breached. The database included hashed and salted passwords, billing information and encrypted credit card information. Valve is still investigating whether the attackers were able to crack or decrypt this data, but it recommends that its 35 million active users change their passwords and monitor their credit card statements closely. That's right, 35 million active users. In case you didn't know, Steam is by far the largest PC game-distribution platform.
Does any of this sound familiar?