2014: The Year of the MEGA Data Breach

[WT Sharpe]

Personal info has been hacked yet again. This is getting ridiculous. Just this week it was announced that a hacker claims to have 7 Million Dropbox Passwords. It seems there is nothing that even approaches security online anymore. Hardly a week goes by without news of a fresh breach. I change my passwords frequently, but this isn't enough. Three of the passwords I have changed in the past two months, Dropbox included, have had to be changed a second time because of hacks of the companies or institutions involved.

Home Depot, Target, Dropbox, Chase Morgan, AOL, eBay, Adobe, UPS, the list goes on and on. Where does it all end? Is anybody safe?

The Internet Security Threat Report from Symantec and supplemental data can be downloaded here.

[cromag]

As Willie Sutton said, "That's where the money is."

[Fbone]

You can add Kmart to your list.

[Quexos]

We all know it and people has to be naive to hope this will get better when in fact it will only get worse.

The obvious thing to do is to NEVER trust the cloud with personal data, personal pictures etc... Use the cloud for stuff that you don't see as private and KNOW that as soon as you put stuff in the cloud, it is not a question of IF but of WHEN, because sooner or later it will be breached.
I'll go even further by saying that even before any hackers get to your data in the cloud, you can be ABSOLUTELY sure that it's all immediately reachable by the CIA, the NSA and all such three letters agencies. Don't wait for an Assange or a Snowden to tell you what has in this 21st century become obviously "business as usual".
You know it people so stop putting private stuff there only to complain when it's been breached because make no mistake about it, it WILL BE breached and seen...

[bfisher]

It isn't just the cloud or retailers security- security is badly done on most communication devices- going to be a big problem with the Internet of things. That's why I'm not planning on getting a fridge that will auto order milk and OJ from my supermarket

smart meters open to hack attack
http://www.bbc.co.uk/news/technology-29643276

My water meter and electric meter are both "smart"; I think this illustrates "a little knowledge is a dangerous thing"

[ManDay]

As an expert on computer security myself (I'm kidding), I think that the problem is mostly due to inflationary software development, rather than due to intrinsically complex security requirements. There certainly are breaches on supposedly established and rock-solid systems, too (and when they occur, they have yet a larger impact, like "heartbleed"), but that on-average tendency of it "only getting worse" as Quexos put it, I attribute to how people are getting into the software business without any qualification for what they're doing, whatsoever.

Only lately, companies have realized what potential is in the web (as if it hadn't been around for long enough), now they're churning out software by "the more [features], the merrier" but with an apparent lack of quality.

[bfisher]

I was a software developer for 15 years. My experience was that security was an afterthought with both clients and developers; if you got to the stage where things were more-or-less working at an acceptance testing level, then you could start adding more features, rather than making your software more robust and secure.

[Blossom]

Dropbox claims they were not hacked. I changed my password anyways. I never use the same password on any service I care about.

My real concern is some banks still have horrible security on their sites. My current bank does not have two step verification and does not allow symbols on a password. :smack

[WT Sharpe]

Quote:

Originally Posted by WT Sharpe

...Just this week it was announced that a hacker claims to have 7 Million Dropbox Passwords....

Quote:

Originally Posted by Blossom

Dropbox claims they were not hacked. I changed my password anyways. I never use the same password on any service I care about.

My real concern is some banks still have horrible security on their sites. My current bank does not have two step verification and does not allow symbols on a password. :smack

I hope Dropbox is right. For what it's worth, and it's worth a lot in my opinion, DropBox is one of those sites that does enable 2-step verification. But you're right about the banks. You'd think they'd have been the first to enable it, and precious few have.

[Quexos]

Quote:

Originally Posted by Blossom

Dropbox claims they were not hacked. I changed my password anyways. I never use the same password on any service I care about.

See you got it wrong, I bet you think by changing your PW you're okay but there lies the problem, you are not !
Of course changing your PW is necessary but the only true security is to not trust Drop-box (or any other similar service) with sensitive data. If you put stuff on it then it will be seen by both hackers and the NSA, the only difference being that the NSA can get to it right away while private hackers must happen upon it and break it which can take a bit of time.

But don't believe me, keep putting sensitive data in there as millions of naive people do. I don't kid myself and I know that the strong will keep praying upon the weak and that won't ever change.

[Blossom]

Quote:

Originally Posted by Quexos

See you got it wrong, I bet you think by changing your PW you're okay but there lies the problem, you are not !
Of course changing your PW is necessary but the only true security is to not trust Drop-box (or any other similar service) with sensitive data. If you put stuff on it then it will be seen by both hackers and the NSA, the only difference being that the NSA can get to it right away while private hackers must happen upon it and break it which can take a bit of time.

But don't believe me, keep putting sensitive data in there as millions of naive people do. I don't kid myself and I know that the strong will keep praying upon the weak and that won't ever change.

Seriously you just assumed all of this about me? How do you know what I keep on my account? Dropbox is where I put my Calibre Library. I change my password because I don't want to lose access to my account I work so hard at getting free space to. It took over a year to get that 19GB and I'm at 80% that would mess up my backup system. As a wife who was married a USAF guy the NSA is the last person I am worried about seeing my Romance books I read. They can read my email too if they want nothing there but lots of spam and newsletters. I do Swagbucks everyday where I give all my basic info out for pennies. You think I care if people see it? No. I have nothing of value. I wouldn't want them showing up at my door now like Kathleen Hale did to that reviewer that would be scary but as long as my Financial info stays safe that's all that matters.

[FizzyWater]

Quote:

Originally Posted by WT Sharpe

I hope Dropbox is right. For what it's worth, and it's worth a lot in my opinion, DropBox is one of those sites that does enable 2-step verification. But you're right about the banks. You'd think they'd have been the first to enable it, and precious few have.

Chase has had 2-step verification for some time now. What I read about their hack was that the hackers got a list (don't remember how) of the applications used on Chase computers and looked for weaknesses in the applications that would let them get in.

[RDaneel54]

I was a victim of the Target and Home Depot breaches (not slacks). All I've gotten out of it is free identity protection from two different companies.

I have two friends who've been victims of financial identity theft. Not fun.

[WT Sharpe]

Quote:

Originally Posted by FizzyWater

Chase has had 2-step verification for some time now....

They appear to have that feature well hidden. I certainly don't see it.

[WT Sharpe]

Quote:

Originally Posted by FizzyWater

Chase has had 2-step verification for some time now. What I read about their hack was that the hackers got a list (don't remember how) of the applications used on Chase computers and looked for weaknesses in the applications that would let them get in.

After reading your post, I sent the following message to Chase customer service:

Quote:

Do you enable 2-step verification?

And received the following reply:

Quote:

Date:10-19-2014 09:58:18
From:Chase Online
Subject:Re: Product Information Request
Message:


Dear [Mr] Sharpe,

Thank you for taking time out of your busy schedule to
contact us. My name is XXXXX, and it is my
pleasure to be able to review your concern today.

We do not offer the two step verification. I apologize for
the inconvenience this has caused you.

...


Thank you,

XXXXX
Internet Service Center