{"id":900,"date":"2013-07-18T17:44:01","date_gmt":"2013-07-18T17:44:01","guid":{"rendered":"http:\/\/kasperskydaily.com\/b2b\/?p=900"},"modified":"2019-11-15T07:26:40","modified_gmt":"2019-11-15T12:26:40","slug":"hot-summer-of-2012","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/hot-summer-of-2012\/900\/","title":{"rendered":"Hot summer of 2012"},"content":{"rendered":"<p>In addition to the above examples, there were two other large scale and highly scandalous invasions in July and August of last year. The victims were users of the popular file-sharing service Dropbox and Blizzard\u2019s gaming service Battle.net.<\/p>\n<p>Dropbox acknowledged the leak of personal data in late July, though they were quick to assure that the addresses and passwords had been stolen from \u201cthird party sites,\u201d ultimately, because users had used very weak passwords.<\/p>\n<p>Alas, it was not all that simple. As it turned out, it was one of Dropbox\u2019s employees who suffered from the attack, and it seemed that he or she also neglected the basics of network security and used the same password for different resources. All in all, the attackers accessed his or her file storage and found an unencrypted document with a list of users\u2019 email addresses.<\/p>\n<p>Another problem was that Dropbox had already experienced attempted attacks by hackers, with one of them managing to get a few combinations of usernames and passwords. Of those combinations, one <a href=\"http:\/\/www.zdnet.com\/dropbox-gets-hacked-again-7000001928\/\" target=\"_blank\" rel=\"noopener nofollow\">belonged<\/a> to the Dropbox employee.<\/p>\n<p>After that, a great deal of spam poured into Dropbox users\u2019 mailboxes, including phishing messages and other malware. 
Following the incident, Dropbox introduced two-factor authentication, although for users this option had to be <a href=\"https:\/\/www.dropbox.com\/help\/363\/en\" target=\"_blank\" rel=\"noopener nofollow\">activated separately<\/a>.<\/p>\n<p>Blizzard had long since implemented two-factor protection (using mobile devices), which basically prevented the theft of people\u2019s game accounts. However, there was <a href=\"http:\/\/us.blizzard.com\/en-us\/securityupdate.html\" target=\"_blank\" rel=\"noopener nofollow\">an intrusion into the internal infrastructure of the company<\/a>. The attackers managed to get ahold of a number of email addresses of Battle.net users around the world. In addition, hackers accessed the answers to security questions, authorization via mobile devices, and hashed passwords. Blizzard\u2019s statement, however, said that the attackers would have a difficult time trying to decode the passwords, because the Secure Remote Password (SRP) protocol was used.<\/p>\n<p>The users were advised to change their passwords anyway.<\/p>\n<p><b>Twitter (February 2013)<\/b><\/p>\n<p>In February 2013 attackers invaded the Twitter base and stole logins and email addresses together with hashed and salted passwords for 250,000 users.<\/p>\n<p>According to the Twitter administration, the user database was cracked by professionals. Moreover, Twitter\u2019s head of safety and security, Bob Lord, quite eloquently <a href=\"https:\/\/blog.twitter.com\/2013\/keeping-our-users-secure\" target=\"_blank\" rel=\"noopener nofollow\">hinted<\/a> that the attack was performed by the same professionals who had previously hacked The New York Times and The Wall Street Journal (was it <a href=\"http:\/\/www.securelist.com\/en\/analysis\/204792287\/Winnti_More_than_just_a_game\" target=\"_blank\" rel=\"noopener nofollow\">Winnti<\/a>?).<\/p>\n<p>Lord also mysteriously mentioned the recommendations by the U.S. 
Department of Homeland Security to disable Java in the browsers because of a well-known vulnerability <a href=\"http:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2013-0422\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2013-0422<\/a>, for which a zero-day exploit was discovered. Lord did not elaborate much on its connection with the Twitter attack.<\/p>\n<p><b>Evernote (March 2013)<\/b><\/p>\n<p>In March, the popular service Evernote urged all of its 50 million users to change passwords. The necessity arose after an unauthorized entry into the internal infrastructure of the company occurred. The attackers managed to gain access to logins, associated email addresses and hashed passwords that Evernote fortunately stored in a salted form. The criminals did not make it to the users\u2019 content. However, Evernote was criticized for the lack of two-factor authentication. There were also many harsh words said about the Evernote invasion as bad publicity for cloud services in general, since the situation itself favored SaaS opponents.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2013\/07\/06015803\/evernote.png\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-903\" alt=\"evernote\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2013\/07\/06015803\/evernote.png\" width=\"800\" height=\"518\"><\/a><\/p>\n<p><b>Conclusion<\/b><\/p>\n<p>We\u2019ve brought you through several examples of big data leaks. What do they have in common? Almost everything and yet nothing at the same time. By \u201calmost everything\u201d we mean they all saw an unauthorized invasion of the servers of a large public service provider and respectable amounts of data being stolen. By \u201calmost nothing\u201d we mean that in each case a different way of penetration was used, a different kind of vulnerability was found, and the affected companies each published different accounts of the incidents. 
In most cases, it was stated that the stolen data was of almost no practical use since the passwords were encrypted. Still, in every case users were encouraged or forced to change their passwords as a precaution.<\/p>\n<p>The problem is, firstly, users often use the same passwords for different resources. Secondly, they set weak passwords that are easily cracked by brute force, particularly if the hash values are not salted.<\/p>\n<p>The leak of any data for businesses operating with users\u2019 information will put them into a state of emergency in terms of potential financial and reputational losses. Therefore, security measures should include protection against all possible options, i.e. solid encryption of transmitted and stored data (besides hashing, salting is also required); thorough auditing of third-party software, if there is any; the use of automatic protection, such as exploit blocking, against zero-day vulnerabilities. And the most important measure is, of course, training staff and users on the basics of network security: no short and easily cracked passwords, no reuse of passwords across different resources. This requires minimal effort from users, but sticking to these rules can keep trouble away.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In addition to the above examples, there were two other large scale and highly scandalous invasions in July and August of last year. 
The victims were users of the popular<\/p>\n","protected":false},"author":209,"featured_media":16431,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3052],"tags":[961,422],"class_list":{"0":"post-900","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-leaks","10":"tag-threats"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/hot-summer-of-2012\/900\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/hot-summer-of-2012\/900\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/hot-summer-of-2012\/900\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/leaks\/","name":"leaks"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/900","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=900"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/900\/revisions"}],"predecessor-version":[{"id":31148,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/900\/revisions\/31148"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/16431"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=900"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=900"},{"taxonomy":"post_tag
","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=900"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}