password-security

Customer details such as passwords need to be stored in databases, but what happens when these get hacked? 8Tracks radio service recently found out.

Following a breach of the security around their user data, 8Tracks had the rather unenviable task of announcing a major password security alert. And, seeing as this had the potential to affect 18 million users who are signed up to the service, it demonstrated the fragility of cyber security when it’s not enforced to the letter – as Tumblr found out last year.

The reasons behind this breach are incredibly simple, but the impact of such a breach has the potential to cause major damage for millions of users. It’s a cautionary tale and one which can provide an important lesson to learn.

How were 8Tracks Users Hacked?

8Tracks suspect that their databases were breached following a cyber-attack on one of their employee’s Github accounts – an online storage facility for open source programming code. Github offers two-factor authentication, but, in this instance, the 8Tracks employee didn’t activate this which left them at a slight disadvantage to hackers. And, following an alert from Github that this account had been subject to an unauthorized password change, it became clear that access to 8Tracks networks had also been compromised.

It’s believed that access to prime databases and production servers were not at risk as they were protected by SSH keys which involve sophisticated cryptography and challenge-response authentication. However, the backdoor left open by the 8Tracks employee did expose back up databases which contained email addresses and passwords for 8Tracks users. The passwords, thankfully, were encrypted using salt and hash methods – these techniques make passwords very hard (but not impossible) to crack.

Although it would be highly difficult to hack these salted and hashed passwords through brute force techniques, the very small chance of success was a major headache for 8Tracks. As a result, they had to advise all their customers who had signed up with an email address – those signed up through Facebook and Google authentication were not affected – that they had to change their password immediately. 8Tracks themselves then had to secure their employee’s Github account, change passwords for their own backup systems and restrict access to their repositories.

hacking-2300793_960_720

 

What’s the Impact of the 8Tracks Hack?

It may seem as though the 8Tracks hack is all done and dusted now that users have been advised to change their passwords and the 8Tracks system secured accordingly, but there’s a further problem. For the 18 million users affected, it’s more than likely that a large number of them use the same email address and password to sign into countless services such as Facebook, online banking and even to access their organizations systems, so these are now at risk from unauthorized access.

And this is why it’s so important that password security is taken seriously. Many organizations are now turning to online password storage facilities such as LastPass which provide highly encrypted systems to store the many passwords that your employees may need on a day to day basis. Not only should you consider using systems such as this, but if you’re offered the chance of using two-factor authentication, it should be a no-brainer that you activate this immediately to create stronger defenses for your data.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


AAEAAQAAAAAAAAgvAAAAJDhjMDZlMWZjLTg0ZjMtNDFiMi04MTNhLWQ0NTQyNDRlMjdhMA
North Korea is ramping up its hacking activity with a recent hack on South Korea stealing the personal data of around 10 million customers.

Yes, this latest attack by North Korean hackers has created widespread fear for a huge number of individuals who felt that their sensitive data was protected. Unfortunately, in this day and age, it’s a brave company that can attest to their data being protected 100% securely.

It’s the kind of attack which should really make your ears prick up and take data security seriously, so it’s time to investigate the story!

Hacking Interpark
20160726001213_0

The hacked company at the centre of this attack is Interpark, an online shopping mall located in South Korea. Founded in 1996, Interpark has risen to such a lofty position in their market that they can boast transactions which are measured in hundreds of millions of dollars, so it’s no surprise that Interpark was such an attractive target.

But how exactly does a company as large as Interpark fall down in the security stakes and get hacked?

Well, unfortunately, it was through the simple execution of a malware attack through email. A careless employee fell for a deceptive email and effectively left the back door unlocked for North Korea to gain entry.

Now, we seem to be discussing malware on here on a regular basis, but this attack is something else in terms of its ambitions. Not only have the hackers compromised sensitive customer details such as email addresses, telephone numbers and other personal data, but they’re demanding that Interpark pay a ransom of nearly $3 billion in Bitcoin to prevent the data being leaked.

What’s particularly embarrassing for Interpark is that the initial hack took place in May, but was only brought to Interpark’s attention on July 11 when the ransom message was delivered. This highlights the sophistication with which the hackers have been able to cover their tracks through a simple email attack, but also underlines how lax Interpark have been with their monitoring.

After all, if there has been movement of 10 million customers’ details on your network, it really should be detected…

Combatting Malware

virus-web-malware-shield-internet

North Korea has been the center of hack controversies for a few years now, with their alleged involvement in the Sony Pictures hack perhaps the most famous example. And, it’s unlikely that Interpark will be their last target either, so you need to understand how to protect yourself from malware.

As ever, ensure that you and your employees are taking the following steps:

  • Always install all the latest software updates to prevent easy access for hackers who have identified vulnerabilities in specific software.

 

  • Display awareness when opening emails and being presented with links and attachments. Although they may look harmless, this is often part of the clever deception at play and it’s always best to double check.

 

  • Be careful when using removable hardware such as disk drives and USB sticks as these can easily be tampered with to contain automatic software which will download malware silently and quickly.

 

  • Keep a close eye on network activity on your servers. An increase in activity could indicate that something unusual is happening such as wholesale removal of personal data.

 

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More