If you've shopped with Zappos, now would be a good time to take stock of the e-mail address and password that you use most often for shopping and banking online.
The popular online shoe retailer, a division of Amazon, disclosed on Sunday that hackers cracked its database to steal customer records for approximately 24 million customers.
The data thieves did not obtain any credit card numbers, because that data was encrypted, as required by the Payment Card Industry Data Security Standard.
But, as is common practice among many online retailers, Zappos does not encrypt its customers' e-mail and postal addresses, telephone numbers, the last four digits of credit card numbers and account passwords.
Retailers do not normally go so far as to encrypt all the data beyond what the PCI DSS rules, which are enforced by Visa and MasterCard, make necessary, because doing so can affect the performance of a site, says Todd Feinman, CEO of database security firm Identity Finder.
Feinman says it is technically easy to extend the encryption applied to credit card numbers to other consumer data known to hold value in the Internet underground. "Visa and MasterCard are fighting to protect credit card numbers, but there is no struggle for the individual consumer, including the e-mail falls into the hands of hackers," says Feinman.
E-commerce has come to rely on account user names based on an e-mail address, and most consumers are unaware of the danger this arrangement creates. Many use the same e-mail address and password to create accounts for financial transactions across multiple websites. Cyber criminals know this and are experts at taking full advantage.
Zappos customers must be on high alert for "phishing" e-mails crafted to get them to disclose confidential information, such as a Social Security number, or to entice them to click a Web link that appears trustworthy but actually installs a virus.
And they should be aware that hackers may try to use their Zappos e-mail address and password to access their other online accounts.
"The hackers are crunching data to determine the password, where weak passwords have been used, such as the passwords users often reuse," says Stina Ehrensvard, CEO of authentication hardware manufacturer Yubico. "We are very likely to see that data used elsewhere on the Internet in the coming days."
Fraudsters can also make productive use of the last four digits of a victim's credit card. "There's always a piece of information to use to make sure the phishing message appears authentic," says Feinman.
Zappos is sending e-mails to customers asking them to create new passwords for their Zappos accounts. The company also recommends that users change their passwords on any other site where they use the same or a similar password.
"We have spent over 12 years building our reputation, brand and the trust of our customers," CEO Tony Hsieh said in a news blog. "It is painful for us to take so many steps back due to an isolated incident."
Zappos' breach notice follows the announcement of the Christmas Eve theft at Stratfor.com, in which hacktivists stole and published on the Internet credit card numbers and account log-ons for more than 50,000 subscribers to its online publications.
And 2011 proved to be a record year for security breaches of large databases, at Sony, Google, Bank of America, RSA, Lockheed, Epsilon, Nasdaq Office Administration and the U.S. Chamber of Commerce, among many others.
Security and technology experts point to several developments that suggest the trend will continue in 2012.
Many corporate break-ins start by enticing an employee to click on a corrupted Web link or open a poisoned attachment.
These poisoned messages are distributed by e-mail, apparently from a trusted employee, or, in addition, on Facebook and Twitter. The increasing use of application sharing, on computers and mobile devices, has increased opportunities for clever hackers. Even the largest, most demanding companies are vulnerable.
"It's an omen for 2012," says Feinman. "It's the kind of thing that we are going to see throughout the year."
Yubico's Ehrensvard agrees. "Until CEOs realize the costs of inaction and ask the hard questions of their team, we expect to see regular reports on violations," she said. "It is more acceptable to a CEO to rely on others for the data security of their customers. It is their responsibility if it is stolen."
The Zappos breach underscores the need for businesses, online retailers in particular, to reconsider the risk of routinely accumulating mountains of data on online customers and to think about beefing up database defenses, security experts say.
"As more consumers choose to shop, it is more important for retailers to monitor malicious activity and protect their customer data," said Mandeep Khera, chief marketing officer at data monitoring firm LogLogic. "They take this care to protect their brands and avoid compliance penalties."
Cenzic CEO John Weinschenk at least credits Zappos for transparency. "Zappos' reaction to the loss of customer data should be emulated by other organizations," he said. "They presented to their customers exactly what happened, what was stolen, and what it meant for them.
"Zappos handled the first step of the attack and loss of data seamlessly. Now they are proving to customers that they can have confidence in the future and that the required personal data will be protected. This will be an ongoing process."

