Community
So, Sony got hacked. Again. According to Lulzsec, the collective who hacked internal Sony networks and websites, they compromised over 1 million accounts, including admin details and passwords, along with 75,000 "music codes" and 3.5 million "music coupons".
What caught my attention in the LulzSec statement was the following:
"What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it."
Thales has written often in the past about the importance of complementing perimeter firewalls and other defence with protection inside the perimeter. Now here is a hacker who is saying pretty much the same thing. But hackers never stand still. Data protection needs to be data centric. Sensitive data should be encrypted at the point it enters a system using techniques that ensure the encryption key used can only be used subsequently to decrypt data for legitimate business transactions and data volumes. Protecting the key and using a key policy that enforces its use by legitimate applications only and ensuring it cannot be [ab]used to decrypt large blocks of data is the most effective way to do this.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Mete Feridun Chair at EMU Centre for Financial Regulation and Risk
22 October
Alex Kreger Founder and CEO at UXDA Financial UX Design
21 October
Robert Kraal Co-founder and CBDO at Silverflow
20 October
Stanley Epstein Associate at Citadel Advantage Group
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.