Thursday, October 29, 2015

Do you want your friends to know that you visited the psychiatrist?

The digital magazine “Motherboard” has announced it will have a new section:“The hack of the day” referred to the data filtration which we're seeing daily. Today has been an especially prolific day related to this topic, and that’s why we decided to entirely dedicate our post to it: since psychiatrist patients whose data has been stolen from the hospital until the exposition of the access passwords to their accounts of the British Gas customers. There's a remedy? We'll finish reading a text by the reputed expert Bruce Schneier, with the illusion of lighting up our knowledge, even just a little.

The Medical and Mental Health Center Woodhull of Brooklyn has sent letters to 1.581 patients to notify that their data were in a stolen laptop. Although the laptop was protected with password, data wasn’t encrypted. We’re talking about names and surnames of the patients, medic histories and else. The letter finishes “calming” the victims because, among the stolen data, were not the social security numbers so nobody will be able to use them. The fact that the hackers with this information would blackmail them in exchange of not reporting to their bosses or friends about their depression isn’t so important, for sure.

British Gas customers

We elevate a little bit the number of victims in the next story: 2.200 people have received a letter from British Gas reporting them that their mail addresses, user names and passwords of their accounts in this company have been published in Pastebin. According to British Gas, “the credit card numbers and the bank accounts haven’t been published”.  What they don’t say is that who have accessed these account with the filtrated passwords will found there this information.

000Webhost, pwned

And we continue talking about hacks: 13 millions are the password in flat file, plus user names and e-mails, who someone has sent to Troy Hunt, administrator of the site “Have I Been Pwned?”, a browser to discover if your personal data has been exposed in Internet. The company 000Webhost, which offers free web hosting, has confirmed that the data belongs to their users and that it was stolen by someone who exploited an old version of PHP to access its site.

Neither 2F saves us

We could keep talking about more data robbery, happened just between yesterday and today, like the one from 800 customers of Marks&Spencer. There are a lot of cases, many of them have no significance, except if we talk about big numbers or relevant persons like, recently, the director of the CIA. This is the topic of the interesting article written by the security guru Bruce Schneier, which we recommend to our readers for any quiet time during the day.

As Schneier says, this isn’t an easy problem to solve, not even with the famous double factor of authentication, also known as vulnerable.


Post a Comment