backtop


Print 15 comment(s) - last by Beenthere.. on Dec 29 at 10:29 AM


  (Source: Digital Trends)
Identity Finder LLC has released an analysis of the information obtained and posted by hacking group Anonymous after it attacked Stratfor

A new study has found specific details concerning Anonymous' recent successful hack on the intelligence company Stratfor, such as the number of credit card numbers obtained.

Identity Finder LLC, a technology security company that finds and protects sensitive data, has released an analysis of the information obtained and posted by hacking group Anonymous after it attacked Stratfor. So far, Anonymous has posted information regarding Stratfor subscribers with first names beginning with A through M, and it is assumed that those beginning with N through Z will be posted later.

According to the analysis, 50,277 unique credit card numbers were in the files posted by Anonymous, where 9,651 have not expired yet. The analysis also noted 86,594 email addresses, where 47,680 are unique; 27,537 phone numbers, where 25,680 are unique; 44,188 encrypted passwords, where 50 percent could have easily been cracked, and 13,973 U.S. addresses.

Password strength was noted as an important issue, where 73.7 percent of decrypted passwords were weak, 21.7 percent were of medium strength, and only 4.6 percent were strong. About 10 percent of decrypted passwords were less than five characters long, while only 4.8 percent were 10 or more characters long.

“This is the latest data leak by ‘breachers’ who not only hack into corporations but also breach their data privacy by posting the information online,” said Aaron Titus, Identity Finder’s Privacy Officer.
 
“Unfortunately this problem will only get worse unless corporations minimize their data footprint and shrink their data target. The number of posted passwords and the threat of password re-use is significant. Passwords are a digital identity and password reuse is a serious problem that could lead toward identity fraud. The victims will have no way to know when an identity thief is reusing their email and password combination to attempt to log into their online bank, an online retailer where they have saved their credit card for future purchases, or other online accounts such as e-mail."

In addition to posting names beginning with N through Z next, Anonymous claims to have copied 2.7 million emails which will be posted next.

Source: Identity Finder



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

cloud at its best broken for users
By KOOLTIME on 12/28/2011 12:20:10 PM , Rating: 3
This is why cloud computing is such a horrible idea for individual consumers, as all that data is always up for grabs buy someone else. Years later when the cloud equipment is being changed out by techs, the data will go to the wild, allot of safety claims they will encrypt or erase it before that happens 99% of the time really never does.

Most folks dont realize long term cloud data storage is a horrible idea for consumers, businesses use it, but for a consumer its terrible. As most folks dont understand change and long term data security fails due to the processes involved.

Businesses are just that, nobody can stay current with security trends, as its financially impossible to afford such costs by everyone using the internet, and so we have breaches simply because its impossible to have everyone pay and update security 100% of the time to stops such things, so its fails by virtue of money not the actual security issues behind it.




RE: cloud at its best broken for users
By extmoder8 on 12/28/2011 1:27:35 PM , Rating: 2
Or you can simply be careful about what type data you put in the cloud. Financial, medical, text conversations are a few types to avoid. Some might be okay if they encrypt first although I still wouldn't put it out there myself.

But, I think the cloud is fine for things like music or photo backups. I could care less if someone saw my Dinsey world vacation photos or the music I listen to.


By NellyFromMA on 12/28/2011 2:00:37 PM , Rating: 2
Not for nothing, but I mean anyone who purchases anything online has submitted their personal financial data 'to the cloud'. It's not realistic to ask consumers not to purchase things online...

The storage of data happens without their direct knowledge, no matter how many walls of text you push in a users face detailing this, it simply isn't realistic to expect the average end-user / consumer to read several pages of license or usage agreements and actually understand them and the ramifications.

Sorry if I misunderstood what you meant, but this is was I gleemed from it at first pass.


RE: cloud at its best broken for users
By Samus on 12/29/2011 12:36:13 AM , Rating: 2
quote:
I could care less if someone saw my Dinsey world vacation photos or the music I listen to.


Maybe your Disney world vacation photos are't so personal...


RE: cloud at its best broken for users
By michaelklachko on 12/28/2011 1:55:06 PM , Rating: 1
Web based email (Gmail, Yahoo, etc) is an example of cloud computing "for consumers".
Are you suggesting we all run our own mail servers at home?


RE: cloud at its best broken for users
By NellyFromMA on 12/28/2011 1:57:50 PM , Rating: 2
Why would he be suggesting that.... e-mail has been server based since the beginning of the 80s (at least!) When cloud computing wasn't even terminology worth anything.

Internet -or- network != cloud....


RE: cloud at its best broken for users
By michaelklachko on 12/28/2011 2:12:16 PM , Rating: 3
email has been server based

Lol. Do you think "cloud" is unicorn based?
What do you think Gmail service is running on?


By Mitch101 on 12/29/2011 10:02:54 AM , Rating: 2
Yea Unicorns and Rainbows are what Apple uses!


RE: cloud at its best broken for users
By KentState on 12/28/2011 3:59:09 PM , Rating: 2
Unless someone is logging in directly to my personal email server and the mail does not hit the internet, then it's pretty much cloud based. Cloud is just a fancy name that companies put on services that work like email. We just now have enough bandwidth to host a lot more services like databases in the "cloud".


RE: cloud at its best broken for users
By michaelklachko on 12/28/2011 4:47:11 PM , Rating: 2
A cloud does not have to live on the internet. I can have my own private cloud, and I can let people directly connect to it - either to use some service I provide (PaaS/SaaS), or to rent my servers (IaaS).
Therefore, it can totally bypass public internet, and still be called "cloud".


By Mitch101 on 12/29/2011 10:04:40 AM , Rating: 2
I have a cloud in my Bathroom. White Cloud to be specific and its not for public use.


Storage of unecrypted data.
By karielash on 12/28/2011 2:14:25 PM , Rating: 5

You seem to have skipped the fact that none of the stored credit card information was encrypted and was stored with identifiable information (including CVV numbers).

While the theft of the information was bad, the degree of outright negligence displayed by a 'security' company is nothing short of outrageous, and if this is the way a security company treats your info, just think what the supposedly less well educated companies are doing with it.




RE: Storage of unecrypted data.
By Shig on 12/28/2011 3:35:51 PM , Rating: 4
Selling it for profit of course.


That picture...
By jahinoz on 12/28/2011 9:14:40 PM , Rating: 2
Did anyone else look at the guy second from the left and go "HOLY CRAP ITS PHOENIX WRIGHT!"




By Beenthere on 12/29/2011 10:29:22 AM , Rating: 1
30 years in the slammer should change some attitudes.




"It seems as though my state-funded math degree has failed me. Let the lashings commence." -- DailyTech Editor-in-Chief Kristopher Kubicki














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki