It’s often said that experience is the best teacher—but we don’t have to have had the experience personally to learn from it. If we can gain insight from someone else’s mistake or failure, we can often keep from repeating those mistakes. In honor of Halloween—the scariest day of the year—let’s talk about three real-life horror stories of compromised corporate IT, what happened, and what you can do to keep it from happening to your business.
1. Sony’s Worst Nightmare
Over three years, the Sony Corporation suffered a terrible 1-2 punch affecting two of its biggest divisions. In April 2011, Sony’s PlayStation Network gaming service was compromised by hackers who stole and leaked the personal information of 77 million users—not to mention the tens of thousands who also had their bank information compromised. Then, in November 2014, a hacker group called “Guardians of Peace” hacked multiple computers at Sony Pictures Studios, stealing a huge amount of confidential information, which included scripts, employees’ personal data and compromising emails. (The attack was later tied to North Korea, possibly as retaliation for their offense at the depiction of a murder plot against Kim Jong-Un in the film The Interview.)
In both cases, the attacks could have been prevented—the first by better data encryption and the second, by more robust firewall protection and a more vigilant IT crew. Between the two breaches, Sony had to pay settlements of more than $25 million combined.
What you can learn: Encrypted data is a simple solution that can ward off a large number of cyberattacks. (Just as burglars prefer unlocked homes, hackers look for unguarded systems because they’re easier targets.)
2. Uber’s Wild Ride
In 2016, ride sharing platform Uber experienced the data theft of the personal information of 57 million users and 600,000 drivers. What’s worse, they paid the hackers a ransom of $100,000 to destroy the compromised data—without verifying that the hackers actually had it. What’s worse still, Uber waited a whole year to make the breach public, during which time the personal information of those affected could have easily been used fraudulently.
Remarkably, the breach occurred over a simple mistake that any tech company should know better than to do. The hackers were able to infiltrate Uber by obtaining login credentials that had been incorrectly stored on GitHub, a code sharing service for developers.
What you can learn: First—human error can be your greatest vulnerability, so train your team to protect their login credentials (and your data). Second—cybersecurity isn’t just about keeping data safe, but also about keeping credentials safe. Don’t store passwords in places where they can be lifted.
3. Adobe’s Hidden Flaw
Tech giant Adobe first announced in 2013 that a coordinated hacking of its IT infrastructure had exposed the personal and financial information of nearly 3 million users. But new information soon revealed to the company that the breach had gone far deeper, impacting 38 million active users, and additional username/password combinations totaling 150 million. In addition to user data, the company suffered loss of critical product data, including 40 GB of source code. An investigation revealed the breach occurred because a group of passwords had been encrypted but not “chopped,” leaving them vulnerable.
To Adobe’s credit, had they not had some robust security in place, the situation could have been far worse. Some banking data was stolen but was unusable due to high-level encrypting.
What you can learn: Even if hackers discover a hidden vulnerability, a secured system can keep a bad problem from becoming worse. Some security is always better than no security.
Wicked Bionic has partnerships with technology companies that can ensure your safety. Reach out to us if you have concerns that your IT is not secure enough and we can get you an introduction.