The recent hack at Sony has left customers angry and security experts wondering why the company didn’t make basic fixes to its stricken cybersecurity program.
Late last week the hackers managed to compromise a massive amount of users’ personal data from Sony Pictures’ site using a simple technique. Security experts pointed out that the leak indicated how poorly Sony protected its users’ information: its security was bypassed by a simple attack method. The experts say that any website worth its salt should be able to withstand attacks of this kind. Considering that Lulz Security effortlessly managed to steal a massive amount of personal data of over 1,000,000 Sony users, the hackers must be lining up to give Sony a kicking.
Meanwhile, Sony CEO acknowledged the latest intrusion last Friday, claiming that the company had taken steps to protect against further security breaches. In addition, Sony was reported to retain a team of experts tasked to conduct the forensic analysis of the attack. However, Sony didn’t detail what specific action was taken to prevent future intrusion.
Lulz Security uploaded the stolen data to The Pirate Bay to prove that Sony stored its users’ passwords in a simple text file, which can only be called “disgraceful and insecure”.
Affected users blame Sony for allowing the intruders compromise their personal data, saying that such attitude showed little respect to the customers. Moreover, the company even failed to notify the users about the breach, which occurred several days ago.
Experts of the Cyber Consequences Unit of the United States, a research group engaged in monitoring online threats, were emphatic when asked whether people’s passwords could be stored unencrypted: they simply replied: “Never”. Passwords should always be hashed, so the companies should use some kind of encryption. U.S. Cyber Consequences Unit’s experts, who have been critical of the company’s security earlier, claimed that it needed to revise the methods used to safeguard the users’ personal information. Both Sony customers and security experts recommend the company to press the reset button on their cybersecurity program before another breach happens.
No comments:
Post a Comment