how safe is your digital data? « Trends in high tech security:
The recent hack of the Sony network has exposed user information on approximately 77 million accounts. The attack, according to an article in the The Telegraph, has potentially exposed passwords and credit card numbers. If this is true, this is “not good”, since it would imply that the passwords and the credit card numbers were not encrypted when they were stored in Sony’s network.
I registered for the Sony network, so apparently my credentials were among the ones stolen during this attack. At the end of this posting is the email message that I received from Sony about the incident. (I have removed some information that is not important for this posting.) The posting recommends changing the account password once the Sony network has been reactivated.
The Sony network required an email address and a password for a user to log into their network. An email address along with a password is used for authentication to other networks, such as LinkedIN or Facebook. Thus, it is possible that some of the accounts compromised in the Sony network attack can be used to hijack non Sony accounts. The below email message from Sony would be better if it recommended that users change all accounts using the same email address and/or the same password used in the Sony network.
What can users do? When registering for networks such as Sony’s, Amazon’s or others, be sure the email adress and password used for authenticiation on one site is not used for authentication on other sites. This means that a user needs to ensure that the userid/password used to log into Facebook is not the same as the userid/password used to log into the Sony network. This will limit the potential risk if one network is compromised For example, my amazon ID is not at risk from this attack since I user different account information for the Amazon and Sony networks.