Date or Hack? Jul 17, 2013
When people upload their personal information to different websites, do they take a moment to think about what would happen if that information got into the wrong hands? Usually they don't, as they trust the website to keep their information secure. But in numerous cases, organizations are unable to keep their promises, leaving their users vulnerable to threats and blackmail.
In 2012, a popular online dating website, 'e-Harmony', and its users faced a nightmare that they wish had never occurred. The same hacker who had earlier stolen almost 6.5 million passwords from LinkedIn attacked e-Harmony in a similar manner and stole almost 1.5 million accounts. The hacker breached their security by exploiting an SQL injection vulnerability in a subsidiary website.
A small malicious script was inserted into the database that fed information to the website. The hacker got access to their database and stole a text file that included user names, email addresses and hashed passwords. The hacker published the hashed passwords online and even asked his/her peers to assist in cracking these passwords. Later on, the stolen information was made available for $3,000 to $5,000.
Fortunately, the security experts of e-Harmony managed to gain access to these accounts immediately by using brute force techniques and sent emails to all users to reset their passwords. However, this fact makes it evident that the passwords were not encrypted and securely stored. The company might not have lost much, but it is the users who go through all the misery. On such websites, people have information that they do not even want their closest friends to see. When the information leaked out, it broke the bonds of trust and left them vulnerable to cyber harassment.
It is often said that 'we learn from our mistakes'. When LinkedIn's accounts got compromised, it was world news and everyone should have taken steps to enhance their security. However, organizations prefer to adopt a false belief that they do not have any enemies and no one would harm them. In the cyber world, any website can go down at any time. If e-Harmony had installed database security systems such as the ones Zenith Secure provides, this disastrous incident could have been avoided.
Zenith Secure provides a product called ZenithVault that allows organizations to store their data in a disintegrated form on different servers. These servers are located in different locations, have encrypted passwords and run different operating systems. In this manner, all the data would have been encrypted and even if the attacker tried DDoS techniques, only one server could be compromised at a time, and the information available to the hacker would not make sense. Additionally, Zenith Secure provides penetration testing services that could determine the vulnerabilities of the system prior to the security lapse so that the necessary measures could be taken.
Even well-established organizations need to maintain their promise of security, as one security lapse could create a wide gap in customers' trust. Therefore, companies need to take the optimum security measures to avoid such incidents. For more information regarding database security, businesses need to contact Zenith Secure.