
Sony Breached — AGAIN! What you should do to protect your privacy.

If there are people who should learn from history, they’re the ones at Sony. People have barely forgotten the recent PS breach that occurred barely a month ago and here we go again. (Is this going to be a monthly thing?) If the reports reaching me are true, a group that calls themselves “Lulz Security” claims that not only was the database breached by using a simple SQL injection attack but also that the passwords were stored in plain text. Forget negligence and irresponsibility, that’s downright — pardon the term — idiotic. Who stores private data in plain text??? (If you have no idea what plain text is, visit my Non-Technical Introduction to Cryptography.) They might as well have written them down on Post-its and left them lying around and we wouldn’t notice the difference. Except, probably, that it would be harder to get and post all 50,000 of them at once.

Lulz Security claims to have posted 50,000 records on the net. I know someone who has tried to call 8 numbers and all 8 checked out, but we do not know if the entire data is real. Unfortunately, unless they contact all the victims, there is no legal way to find out if it is real data.

Now, what do you need to do? Well, personally I don’t have an account with Sony, but if you really had to have the Sony account, here are the precautions you should take:

  • If you ever used any log-in or had to provide a password anywhere on the Sony site or their affiliates, it would be an exceptionally brilliant idea to make sure you are not using the same password anywhere else. It seems like I can’t say this enough: don’t re-use passwords. Passwords are like Kleenex, each one should be made from virgin pulp. Or new. Whatever. Just don’t re-use.
  • It would also be a good idea to change your password challenge answers on other web sites. Password challenge questions are the “security questions” the site would use if you forgot your password. The danger is that if your email, social networking, bank, or other account uses the same questions, then the answers are now exposed. Well, the only good thing that can probably come from this is if you forgot your password and password challenge answer for an account elsewhere, chances are they are the same ones that Sony (as good as) gave away.

This isn’t the first and I’m sure it will happen again. If not to Sony, then to other providers and/or social networking sites. There is no excuse for ignorance and stupidity when security specialists and security tools abound. In an age when 10-year-olds can easily encrypt their hard drives, it makes you wonder who put the toddlers in charge.

So take charge of your privacy. Information is your best security.


About princess of antiquity

Abbi Cabanding is a member of the Security Bloggers Network and has been blogging on information security since 2006. She is also a member of the Association for Computing Machinery. She studied Computer Science and Fine Arts at the University of the Philippines - Diliman.

Original content in this work is licensed under a Creative Commons License.