By Oon Yeoh
Website hacks are so common that the typical person would yawn at the news of yet another website getting breached. However, the Heartbleed bug that made websites around the world vulnerable and the recent hack on eBay has made everyone sit up and pay attention to cybersecurity.
The eBay attack, which affected some 128 million accounts, led eBay to advise its registered members to change their passwords.
“After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorised activity for eBay users, and no evidence of any unauthorised access to financial or credit card information, which is stored separately in encrypted formats,” eBay said in an official posting. “However, changing passwords is a best practice and will help enhance security for eBay users.”
The company also advised its members who used the same password on other sites to change those passwords, too. It’s not a good practice, but for the sake of convenience many people do tend to use the same username and passwords for multiple sites.
Although it doesn’t seem like PayPal (owned by eBay but operated separately) was affected by the breach, that doesn’t mean there is no potential damage done. Even if passwords have been changed, hackers could still use the personal details the collected to commit identity fraud. The eBay breach gave hackers access to customers’ names, passwords, e-mail addresses, home addresses, phone numbers and dates of birth.
The eBay attack comes hot on the heels of the Heartbleed bug which had wreaked havoc on the web in the past few months. The bug gave hackers the potential to for unauthorized access of data from the Internet due to Open SSL (Secure Sockets Layer) which is used by many websites.
In a Harvard Business Review article, prominent cryptographer Bruce Schneier commented on the huge dangers created by the bug: “Heartbleed is a vulnerability that affected an enormous amount of servers on the Internet, and affected them in unpredictable but potentially disastrous ways.”
Both the eBay and Heartbleed episodes could put a damper on the “Internet of Things” movement which has been a hot trend of late. The Internet of Things refers to the push to connect ordinary household items to the Internet and to each other.
Imagine the potential invasion of privacy that could happen if most electronic and electrical devices in your home were online and connected to one another, and there was a major bug or cyberattack.
To make it worse, household equipment makers are not exactly experts at handling cybersecurity issues. Or as Schneier put it in his Harvard Business Review article: “The industries producing these devices are even less capable of fixing the problem than the PC and software industries were.”
One industry that has seen a boon in business is password management. Mashable recently reported that password managers have been experiencing a surge in popularity. 1Password, for example, saw a tenfold increase in traffic to its website.
“We are getting a lot of customers who have heard of Heartbleed and they haven’t really thought significantly of their Internet security until now,” Mashable quoted Jeff Shiner, CEO of 1Password as saying. “It’s one of those things that in peoples’ minds is always happening to somebody else.”
Dashlane, another password manager, has also seen a tenfold surge in new users, according to its CEO Emmanuel Schalit. “I think it’s going to last for a while,” he says. “The news story will die down as with any news story, but I think it will create a step change in the market and awareness.”
With hackers become increasingly sophisticated, it’s vital to have strong passwords. Using password managers would be a good move. But there are many other steps you can take. Visit the World Password Day site for many tips and links to useful information regarding passwords and cybersecurity in general.
Oon Yeoh is a new media consultant.