As all of you might have read, One Plus, makers of a line of mobile devices, has been compromised. Hackers apparently made off with 40,000 or more customer accounts, including credit card data, login data and personal data.
A few questions and thoughts on this... Why was your personal data not encrypted? Encryption in today's tech society is free, and given the level of technology and the know-how in web security and counter-security, encryption should be automatic. Encrypting a database ensures that even if a database full of your personal identifying details is stolen or compromised, the data remains useless. BUT let's say that the database WAS encrypted, as any company that maintains personal payment data is normally required by law to do. Then this hack was much worse than simply fooling a website into revealing weaknesses in its programming to grant you access. It would mean that a thief acquired either physical access to the machine or access at such a level that they had free rein to tour the entire directory of the machine to find the hidden encryption keys. So now we have a security problem where a company is lazy with their security and stingy.
Let's go with this idea though. What if the credit card data is not the target? Given commonly known behaviors of today's internet users, what if the thieves actually had a list of the user data required to log into your Coin Exchanges and Coin trading platforms? Not only could they log in, in cases where lazy users continue to use the same credentials across every aspect of their internet lives, but the thieves could also potentially acquire your identity and lock you out. In talking with most people, I find that when they hear that Yahoo, Citibank or any other huge data hoarder got hacked, I hear them think about all of the emails that these hackers must want. Often what really happens is that the list of data is compiled and organized and then sold on the Dark Net. Another hacker will buy this list and then, say, go over to Gatehub and test the user data against the login page to see which accounts get a hit. Once an email is verified to exist, they can try the password. A list of 1 million user records may turn up 30 accounts or more in some cases, but how much money is in those accounts? What other accounts in the world does this same user data work on?
If you are a customer of One Plus then get on over to your Coin Exchange or wherever you are storing your gat and change those passwords and 2FA.
Here is how you must be managing your security so as to combat these keyboard clowns:
These techniques are quite simple and should be known parts of everyday life now. Our problem is that we have no idea how our online service providers are securing our data. Let me give you a recent example... The company of one of my customers commissioned a firm to build a new Ecommerce website for them. Sites this large can run $100,000 or more. It was found out that the company stores user password data as MD5 hashes only, at least in this project. My guess is that if in this project, then in every project. So now we have an entire firm of clowns charging you for websites that are already broken on the first day. If they are lazy with that simple requirement, then what is the quality of their programming? How are they storing the credit card data?
So keep in mind, a hacker does not have to hack Gatehub or Bitstamp or wherever when they can go hack any other firm, email provider, online shop or porn site to get your user data there and then go on over and test it by simply logging in.
To tell you how Blacksite Wallet combats this and provides you security:
There are many other outstanding little magic tricks that we use to secure your wallets. The number one magic trick of them ALL is that your wallets are not even connected to the internet. Even if our databases are compromised and a thief logs into your account, they can not transfer any coins out. This means that a thief will require physical access to our machines to get to your wallet, and even then, of course, those machines are secured themselves. Since our login credentials can not be accidentally used across any other website, unless you do it to yourself on purpose, stealing this data will not grant them access to any of your other accounts. Yes, I know this makes things inconvenient for you and even makes our processes slow, but if you want convenience, walk your butt down to the next little Slushy Mart and get yourself a drink. If you want to pay me for going through extremes to make sure that your wallets are properly and even excessively secured, then come on over :) I am happy to have you as a member.