I can’t remember the last time we’ve seen so many hacking (and related) stories in the news, particularly in which so many big name brands were affected in such a short amount of time. Last week, of course the big stories were about "Anonymous" taking down MasterCard, Visa, PayPal, etc.
Now stories about brands like about Gawker, Yahoo, Twitter, McDonalds, and Walgreens are dominating the headlines. Last weekend, in case you haven’t heard Gawker was hacked, and passwords were taken. One of the biggest problems with this is that these passwords are often used at other sites around the web, and depending on which sites the perpetrators get access to with these passwords, the ramifications could potentially be disastrous for those whose passwords were stolen.
For example, if abusers were able to get into email accounts, there is no telling what kind of personal information they would gain access to – passwords to other sites, credit card info, etc.
According to the BBC, Twitter, LinkedIn, and Yahoo have all asked users to change their passwords to be safe. If you had a Gakwer account, you may want to consider changing all of your passwords, at least at any critical sites (banks, e-commerce sites, social networks, email accounts, etc.).
Arik Hesseldahl at NewEnterprise shares the following statement from Yahoo: "As part of our ongoing security measures we issued a password reset to some users. Yahoo! does this periodically to ensure the security of users." Hesseldahl speculates that this was directly related to the Gawker attack, however, as he had a Gawker account.
He also reports that Blizzard Entertainment, which makes the enormously popular World of Warcraft, sent an email to users, which said: "We’ve recently been informed that several Gawker Media websites have been compromised…To help minimize the effects of this compromise and help keep your Battle.net account safe and secure, we’ve reset your account password."
McDonald’s was recently hit. Hackers reportedly broke into a database containing email addresses and birthday dates for consumers who signed up for the company’s promotions.
Mark Darvill of security firm AEP Networks tells WebProNews, "High profile hacks such as the breach of the McDonalds database highlight the need for greater data protection. This breach follows a long strike of attacks on websites in light of the release of the WikiLeaks cables and companies across the world will be wondering what website will be next on the hackers’ list."
"In this instance, McDonalds has lost nuggets of customer data rather than reams of sensitive personal information," adds Darvill. "The sad fact is, hackers will always have their eye on how they can steal sensitive personal data. Personal data is valuable as it aids identity theft and can prove a valuable source of income for hackers. This breach highlights the need for organisations to double check what security measures third parties have in place to protect their sensitive data. Data protection is no longer just about protecting data when it is on your premise."
Walgreens also sent an email to users recently saying:
We recently became aware of unauthorized access to an email list of customers who receive special offers and newsletters from us. As a result, it is possible you may have received some spam email messages asking you to go to another site and enter personal data. We are sorry this has taken place and for any inconvenience to you.
We want to assure you that the only information that was obtained was your email address. Your prescription information, account and any other personally identifiable information were not at risk because such data is not contained in the email system, and no access was gained to Walgreens consumer data systems…
Incidents like these are bound to make consumer uneasy about online shopping at the worst possible time of the year. Still, online holiday spending in the U.S. alone reached nearly $22 billion during the first 40 days of the season according to comScore.Update: now that spending has reportedly hit $23 billion.
The FBI is reportedly investigating the Gawker attack.