Feeling insecure? Join the club. While massive cyberattacks have become almost routine, a handful of developments over the past 24 hours have reminded us that pretty much nothing online is safe.
Reports surfaced Tuesday that a group of Russian hackers had stolen 1.2 billion user names and passwords from 420,000 websites in what would be the biggest data breach in history. They targeted any website they could get, ranging from Fortune 500 companies to very small websites, Alex Holden of Milwaukee-based Hold Security, which discovered the breach, told the New York Times.
So time to panic, right?
Meh, not so fast. As The Verge s Russel Brandom points out in a nice talk-you-off-the-ledge report, there s no evidence the stolen passwords are even still active, the methods used in the hack are common and should (ahem, should) already be protected against on major company servers, and the fact that the stolen data is apparently only being used for Twitter spam makes one question its value. Is it a huge breach with the potential to do damage? Sure. Are we all going to wake up tomorrow to find our bank accounts drained and identities stolen? Probably not. Breathe a little easier, but still change your password just in case.
But don t let that make you complacent. In a timely interview, David DeWalt, CEO of Milpitas security company FireEye, told the Merc s Jeremy Owens on Tuesday that consumer antivirus software is almost worthless to defend against modern cyberattacks. Everything the consumer once took for granted while shopping online has become more risky, he said, noting that large corporations, particularly large retailers and financial-services firms, are getting breached at unprecedented levels.
Consumers can only do so much, and most companies are not doing enough to protect themselves and their products, DeWalt said. That feeling is shared by many attending the annual Black Hat computer security conference in Las Vegas, which kicked off today.
Serious vulnerabilities in home Wi-Fi routers are expected to be revealed, according to a CNet report, amid complaints from security experts that router companies are simply not paying attention to security. Consumers are not empowered. You can t buy the Volvo of routers, security researcher Jake Holcomb told CNet. It s as if you could only choose a car that didn t offer seat belts.
But don t worry, it s only going to get worse. Just wait until your toaster gets hacked. The Internet of Things is expected to be a major topic at Black Hat, as the spread of connected devices exponentially increases the number of things that can be hacked. A study last week by Hewlett-Packard found 70 percent of the most common smart devices –TVs, webcams, thermostats, home security systems, etc. — had serious security vulnerabilities. Unlocking doors and remotely controlling your smart car? Check. Hijacking Android phones? That s old news, check. Taking control of satellites, planes and ships? Um, yeah.
So what s a regular person to do? Think reasonably and be smart. Create long, unique, multi-character passwords. If you do repeat passwords (you shouldn t, but come on, we all do), at least don t use the same passwords for bank accounts that you use for social networks or email. Can t remember all your crazy now-secure passwords? Try a centralized password login service so you only need to remember one main password. Check your credit card bills and bank account every month for transactions you don t recognize. Since every system is vulnerable at some point, think more about containing the damage if you do get hacked.
And get used to the fact that we ll have to deal with these hassles for the foreseeable future, until companies get wise to the fact that consumers expect them to protect our data, and take steps to greatly improve security on their end. Which will probably take a few class-action lawsuits. But then, finally in the future, when all our accounts are secured by two-step retinal scan or biometric signatures, we ll be all set. Until that generation of hackers starts stealing our eyeballs and fingers.
Can t wait.
At top: AP Photo/Kin Cheung, File
