Tuesday, May 7, 2013

reputation.com Reputation Tarnished by Security Breach

reputation.com, a company that advertises its ability to help manage customers' online reputations, suffered a security compromise of its own. Information stolen includes customers' physical addresses and employment history, both of which could potentially be useful in an identity attack. Some encrypted passwords were also stolen.

Unfortunately, part of the company's damage control efforts included mis-information about the risk posed by the stolen encrypted passwords. Dictionary-based attacks on encrypted passwords only depend on having enough computing power, especially given the poor quality of most passwords. But in an environment where the Internet is swimming in easily hackable powerful computers, computing power is not much of a barrier to entry.

(Since many people use a single password across platforms, a stolen encrypted password for one account could allow an intruder to access a broad range of accounts, including bank accounts and accounts at a target's workplace.)

No comments: