Data Breaches: Passwords and Baseball
June 18, 2015
While the U.S. government continues to assess the damage done by the illegal intrusion into the networks of the Office of Personnel Management, two other hacks uncovered this week show the evolving nature of data breaches and the variety of information hackers are seeking. Password manager LastPass revealed on Tuesday that its network was compromised in such a manner that users with weak master passwords are at risk (attackers stole email addresses, password reminders, server per-user salts and authentication hashes). The company assured users that the encrypted password vaults where their individual passwords for other sites are stored are safe. The increasing prevalence of account takeover fraud makes email and password combinations, which many people reuse on multiple accounts, valuable. LastPass is likely not the last password manager that will experience an intrusion.
Also on Tuesday, the New York Times first reported that Major League Baseball’s St. Louis Cardinals are under investigation by the FBI for allegedly hacking an internal network of another team to steal player information. The case is likely one of corporate espionage (according to the report, the attack on the Houston Astros may have been motivated by their hiring of a former Cardinals executive) that would not have resulted in the stolen information being used in widespread fraud attempts. It seems apparent, however, that no matter what information you’re protecting, it is of value to someone, making every company a target.