Top Ten Info-Security “Oops” Moments of 2013: On the last day of 2013, I thought I would reprise my annual column of the top ten biggest information security breaches or exploits. Nowadays, with news of million-plus caches of credit cards and identities being stolen almost a daily occurrence, one can get numb to these announcements. However, a few stood out above the rest because of their size, newsworthiness or political importance. So, without further ado, here are my top ten “Oops” moments of Information Security in 2013, in David Letterman-esque reverse order:
#10 Yahoo Japan: Yahoo’s Japan site was hacked in 2013, and over 22 million user IDs and associated information were taken. Attacks on non-US properties will only continue to grow as user bases and revenues outside the US increase past the once-dominant US Internet presence.
#9 UbiSoft: In other non-US news, this major French gaming company announced in July of 2013 that its systems had been breached and that attackers had made off with an unknown number of user credentials. Details on the attack were limited, and the company refused to provide much information on what was stolen, other than that no payment information was taken and the passwords were “encrypted” (whether that meant reversible encryption or a salted hash was not specified, and that distinction determines how quickly stolen credentials can be recovered by an attacker). Still, it made all its users reset their passwords, so we are forced to assume that the breach could have involved its entire user base, estimated at 50 million registered users. This shows that hackers will continue to hit users where they live and spend, which is increasingly on gaming networks. In addition to taking payment information when they hit these sites, they can also steal gaming profiles and characters, which can often be sold on the black market.
#8 Evernote: Users of this popular note-taking app were asked to reset their passwords in response to a hacking attempt that may or may not have been successful. Over 50 million users were affected. The hyper-growth of some apps means that their security processes and protections are often outstripped by user bases growing at more than 100% per month. The security that is appropriate for a few thousand beta users is vastly different from that needed to protect millions. Once your user base reaches these heights, it becomes a lucrative target for professional hacking gangs that are far more sophisticated than the script kiddies who bother smaller sites. This is a cautionary tale for young Turks dreaming of becoming app millionaires (or billionaires): have a growth-oriented security plan early on, or you’ll be doing some explaining to your V.C.s and backers later.