Even Encrypted Passwords Are at Risk

Written By
Sue Poremba
May 1, 2013

When I heard about the recent LivingSocial breach, I thought, here we go again. I saw the breach mentioned on the national news, and the reporter listed all of the personal information that was at risk in the breach. Even though that information included names, birth dates and some financial-related data, the focus of that news report and articles that I have read was on passwords.

It seems like it always comes back to passwords these days, doesn’t it? The reporter on the news gave the same old list on smart password use, and indeed, Tom Cross, director of security research at Lancope, told me why enterprises should be concerned about the password breach:

It’s important to consider the possibility that some of your employees may have used the same password on LivingSocial that they use to access their work email and VPN accounts. IT security teams should be proactively hunting for weak passwords in their networks, and they should assess the capabilities that they have for identifying compromised accounts.

However, as I looked more closely at the breach, I noticed something a little different about these passwords. They were encrypted. In other well-publicized breaches where passwords were compromised, the complaint was that the company was lazy about passwords and they weren’t encrypted. They were stored in easy-to-access files. LivingSocial took the right security steps by encrypting customers’ passwords. Does this mean that encryption may not be as fool-proof as we thought it was? I returned to Cross to get an answer. He told me:

Even encrypted passwords can be valuable to a bad guy. Encrypted password hashes can be “cracked” with computer software that essentially tries millions of different possible passwords looking for a match. The bad guys will successfully crack the passwords of many LivingSocial users, and knowing the password, name, and email address for a person, they may be able to break into other accounts that those people maintain on other websites.

The most common password recommendation is to create a strong, hard-to-guess code (followed closely by not using the same password on multiple sites), but Cross said this recommendation is easier said than done: even passwords as long as 12 characters can be cracked. He says pass phrases with unrelated words may be a better option.

Encrypting passwords is a right and necessary step, so don’t stop doing it. It is a security step the company provides for its customers. But add to it by insisting your customers use a strong password. The LivingSocial breach is a good reminder that security is a joint effort.
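
The audit Cross recommends can be run against your own credential store. The sketch below is an added example, not code from LivingSocial or Lancope: it assumes passwords are stored as salted PBKDF2-HMAC-SHA256 hashes (the breach reports quoted here do not name the scheme), and the accounts, passwords and wordlist are constructed sample data. It shows why hashing alone does not protect a weak password: the same guess-and-compare step flags any account whose password is on a common list.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; higher makes each guess slower

# Constructed sample data: a short list of commonly chosen passwords.
COMMON_PASSWORDS = ["123456", "password1", "letmein", "Summer2013!"]


def hash_password(password, salt=None):
    """Return (salt, digest) for a salted PBKDF2-HMAC-SHA256 hash."""
    if salt is None:
        salt = os.urandom(16)  # unique per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(candidate, salt, digest):
    """Re-hash the candidate with the stored salt and compare in constant time."""
    _, guess = hash_password(candidate, salt)
    return hmac.compare_digest(guess, digest)


def audit_weak_passwords(records, wordlist):
    """Return the sorted user names whose stored hash matches a wordlist entry."""
    flagged = set()
    for user, (salt, digest) in records.items():
        if any(verify_password(word, salt, digest) for word in wordlist):
            flagged.add(user)
    return sorted(flagged)


def build_sample_records():
    """Constructed accounts: two weak passwords and one four-word pass phrase."""
    plaintexts = {
        "alice": "password1",
        "bob": "Summer2013!",
        "carol": "maple trombone cactus velvet",
    }
    return {user: hash_password(pw) for user, pw in plaintexts.items()}


if __name__ == "__main__":
    for user in audit_weak_passwords(build_sample_records(), COMMON_PASSWORDS):
        print(f"{user}: stored hash matches a common password; force a reset")
```

Accounts the audit flags should be forced through a password reset; the pass phrase account is not flagged because its password is not on the list.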

Sue Poremba is a freelance writer based in Central PA. She's been writing about cybersecurity and technology trends since 2008.
