Password Breaches – “It’s become a type of nightmare.”
From an article by John Fontant for Identity Matters published May 29, 2014
eBay, Spotify, Avast, Adobe, Yahoo, Target, Twitter, Zappos, Gawker, Sony, Apple (twice), Fox, CBS, Warner Bros., rootkit.com, LinkedIn, eHarmony, Last.fm, Neiman Marcus Group Ltd., and Michaels Stores Inc.
I know I’ve missed many, but there likely will be more to add in a few weeks or even days.
From a corporate perspective, the reputation backlash and financial hit from a password or data breach have become so stifling that Spotify reacted this week to the theft of a single user’s data by asking nearly 40 million other customers to change their passwords.
Target’s breach bill could eventually top $1 billion — 2.8 percent of its market cap. The CIO and the CEO have resigned. The company’s year-over-year 2013 fourth-quarter profits were down 46 percent.
“Would you rather call a 1-800 number to end the carnage or change a password on each of the 25-30 sites where it was re-used and then wait for the next stealth attack or breach?”
The end-user carnage? Unknown, because losing your personal data can easily turn into 20 miles of uncharted broken glass. Password breaches torture end-users more so than the company, merchant or service. Stolen passwords are sold on the black market and new hacks come at users from unexpected and unusual angles, and with the original hacked company too obscured by the trail of tears to be tagged with liability.
Access control in tatters. And many companies are proving they’re not secure or savvy enough to protect personal data – or don’t have a care to do so.
Last year, Deloitte Canada’s research organization said 90 percent of user-generated passwords would be relevant for mere seconds under pressure from hackers.
What’s a big next step toward repair?
Consumers must finally see the value of their personal data and demand protections when it’s shared with providers. The argument is the same for IT and enterprise user populations let loose in a world where cloud apps and services are as much a part of the network as a Cisco router.
A recent Ponemon Institute report says 110 million American adults had their personal data exposed by hackers in the past 12 months alone, which totals some 432 million accounts. And that number can grow exponentially if the passwords to those millions of accounts were re-used on other accounts.
Corporations are first buddying up to protect themselves.
When you build your business in a flood plain, you pay extra to insure against disaster. And passwords are in the saturated throes of a 100-year event.
Even the inventor of the password, 87-year-old Fernando Corbató, said last week, “unfortunately, it’s become kind of a nightmare.”
Yes, it is a nightmare. For end-users, especially. They trust their stored personal data will be protected via current standards; they suffer when their data is stolen, and they can’t write the consequences off on their balance sheets.
What additional steps do you think are needed to address or limit the password problem?