It seems that at least once a month we are reading a story about another large company being the victim of hacking. Reports on computer hacking into customer databases of large companies is becoming common news.
The latest victim is Microsoft’s online retail store serving India. Yes, computer giant Microsoft can’t even protect the personal data of its customers. That is scary!
I resisted online shopping for many years for this very reason. Occasionally, I am forced to make purchases online, but I am never comfortable doing so. It is obvious that large corporations are not doing enough to protect the personal information of their customers.
Todd Thiemann, product specialist at encryption company Vormetric, says, “As we saw with Sony, Stratfor, Zappos and others, hackers value this information and are selling it on a thriving black market to others focused on identity theft.” “Companies need to rethink how to value and protect customer data.”
On Feb 13, Microsoft took it’s Store India off line after word got out that the site’s customer database had been hacked. A group referring to itself as “Evil Shadow Team” took credit in a blogpost written in Mandarin.
Evil Shadow’s self-proclaimed leader, who refers to himself as 7zl, told Reuters the data had been found unencrypted on the website. On the blog post, 7zl declared himself to be a “patriotic hacker.”
In a statement to Reuters by a Microsoft spokeswoman, she said, the company is “investigating a limited compromise” of the company’s online store in India. “The store customers have already been sent guidance on the issue and suggested immediate actions.” “We are diligently working to remedy the issue and keep our customers protected.”
In addition, the hackers have released user name and password combinations that were saved in plain text by Microsoft. “Storing this data in clear text is playing with fire,” says Thiemann.
I have to ask the obvious question – why wouldn’t this computer giant have (and use) the resources and knowledge to encrypt sensitive data and not store data in clear text? (more…)