Tag Archives: data-breach

How LastPass is Handling a Security Breach the Right Way

I’m just as tired as you are of reading about security breaches, data being stolen and hackers sitting smugly behind their screens. Unfortunately, we’re not going to see a dip in the number of these crimes any time soon. The state of security within many companies is frankly deplorable. Corporations we have trusted for years are suddenly finding themselves in the number one spot on everyone’s “list.” Often, though, it’s not the actual breach of information that disturbs us – it’s the way a company handles the problem which gets our knickers in a knot. Just take a look at Sony…

Sony knew there was an issue several days before telling anyone, an oversight which is now causing them much more grief than the actual dilemma of stolen data. Let’s face it: we all know that hackers are out there stealing everything they can get their hands on. We hate them, right? We rant, curse and scream on a daily basis about the prevalence of online theft. But what we loathe even more than the bad guys are the companies who aren’t honest with us – and who aren’t very speedy at telling us they have a problem.

Earlier today, password manager LastPass openly admitted that they had possibly suffered a breach of data – nearly as fast as they discovered it. In order to maintain the safety of their customers, the business quickly disabled master passwords, forcing users to log in via offline mode. Everyone was then prompted to change their master password in order to resume normal operations. This was done as a precaution, folks. Yes, it likely inconvenienced you for a moment or two. However, isn’t taking that step just in case better than finding out later that some idiot now has control of your bank and credit card accounts?

This company absolutely handled the matter the right way. They aren’t even sure at this point that anything was taken at all. They simply found a possible problem, reported it to you immediately and took preventative steps to help you stay secure. What more could you ask for? Please don’t answer that by asking for impenetrable security. That’s never going to happen, y’all.

Nothing is perfect, not even security. The response from the LastPass team is daggone close, though.

Sony Playstation Breach Shows How Vulnerable You Are

Sony finally owned up to what was already clear several days ago: Playstation Network incurred a massive breach of user data. Over seventy-seven million user accounts are impacted in what is quite possibly the largest data breach ever. The FBI is on notice and one United States Congressman is accusing Sony of “taking too long to report the breach.” Whoever hacked the Sony Playstation Network likely has access to your username and password, your date of birth, your name, your address and your credit card information. They even have the answers to your security questions.

This data breach should put us all on notice – it’s becoming harder to know who to trust with your data. The problem is bigger than Sony. It proves just how vulnerable you really are. Canceling your credit card right away and adding a “high risk” alert to your credit file might help mitigate the short-term damage. You can cancel your mother’s maiden name, or your first pet’s name, or the model of your first car.

Even if your username and password are unique at every site, you likely use the same security questions and answers. After all, how many different security questions do you see? We are asked our mother’s maiden name, our first girlfriend’s first name, our first job, and even what type of car we drive. Thinking back on the last five websites I signed up with, the security questions were almost identical at each one. Now those criminals know the answers to those supposed security boosts – along with all of your other personally identifying information. They can freely access nearly anything you’ve registered for online and they also have the power to assume your identity with brand new accounts.

Let’s dig a little deeper into what this means from a security standpoint. Imagine, if you will, a C-level executive with GE or Ford who happens to enjoy gaming on the Playstation Network. Can you even imagine the potential for havoc once data thieves access their various online accounts? We’re talking possible repercussions on a massive scale, y’all. Down on main street, where business owners are struggling to survive and thrive, those who had their information stolen could end up seeing a bankruptcy judge in the near future. An unlucky teen’s parents may end up with a mountain of credit card debt they cannot escape from.

If our trust is violated by a huge corporation like Sony – or any of the other 2,447 companies who had a data compromise since 2005 – who can we trust?