Pastebin analysis reveals true scale of 2013 global data breaches

John E Dunn | Feb. 19, 2014
The true scale of global data breaches must reach into the hundreds of millions, according to Swiss penetration testing outfit High-Tech Bridge which has discovered that 311,095 user credentials were posted to the popular Pastebin website during 2013 alone.

Why things have got this bad is not hard to fathom; in Kolochenko's view, it's a mix of insecure web applications and conventional Trojan scraping from end users. The way fragmented databases are connected to these insecure front ends also doesn't help, he said.

More complex weaknesses such as the one believed to have undermined Target usually result in the most spectacular and public losses.

The one spot of good news is that the suicidal passwords (i.e. '123456') are less common than some recent stories might suggest. The commonest failure was simply adding a number to a common noun, opening users to trivial dictionary hacks. Most serious of all, users also have a habit of re-using the same passwords over and over, a behaviour that multiplies the effects of a single breach across many other sites.

Earlier this month High-Tech Bridge revealed that while patching times have improved in the last year, progress still lags behind improvements on the attackers' side.

