
2012's worst security exploits, fails and blunders

Brad Chacos | Dec. 31, 2012
A fool and his feeble p@$$w0rd are soon rooted, but if 2012 has proven anything, it's that even the most cautious security-minded souls need to double down on their protective practices, and think about the best ways to mitigate damage if the worst happens in our increasingly cloud-connected world.

At the same time, a very small number of users had their Dropbox accounts actively broken into by outside sources. Investigations revealed that the hackers gained access to the accounts because the victims were reusing the same username/password combination across several websites. When the login credentials were leaked in a breach at another service, the hackers had all they needed to unlock the Dropbox accounts.

Dropbox's woes highlight--again--the need to use separate passwords for different services, as well as the fact that you can't trust the cloud completely yet. You can take cloud security into your own hands with the help of a third-party encryption tool.

Millions of South Carolina SSNs pilfered

Speaking of encryption, it would be nice if the government followed basic security principles.

After a massive October data breach resulted in a hacker obtaining the social security numbers of a whopping 3.6 million South Carolina citizens--in a state with just 4.6 million residents!--state officials tried placing the blame at the feet of the IRS. The IRS doesn't specifically require states to encrypt the SSNs in tax filings, you see. So South Carolina didn't--though it plans to start now, hindsight being 20/20 and all.

On the kinda positive side, debit and credit card details of 387,000 South Carolina citizens were also swiped in the digital heist, and most of those were encrypted, though that's likely little solace for the 16,000 people whose card details were stolen in plain-text form.

Skype's massive security flaw

In November, Skype users temporarily lost the ability to request a password reset for their account after researchers identified an exploit that allowed anybody to gain access to a Skype account as long as the person knew the email address associated with the account. Not the account password, not the security questions--just the simple email address alone.

Skype quickly plugged the hole when it caught the public eye, but the damage had already been done. The vulnerability was floating around on Russian forums and actively being used in the wild before it was shut down.

Hackers steal 1.5 million credit card numbers

In April, hackers managed to "export" a whopping 1.5 million credit card numbers from the database of Global Payments, a payment processing service used by government agencies, financial institutions, and around 1 million global storefronts, amongst others.

Fortunately, the breach was fairly contained. Global Payments was able to identify the card numbers affected by the hack, and the data stolen only contained the actual card numbers and expiration dates, not any cardholder names or personally identifiable information. The hits kept coming, though. In June, Global Payments announced that hackers may have stolen the personal information of people who applied for a merchant account with the company.
