32 million clear-text passwords taken captive through an SQL vulnerability! RockYou.com, which provides applications and services for social networking sites like Facebook and MySpace, was hacked this week. Earlier in the week I posted a blog on social networking sites and hackers, mentioning some of the issues with cloud computing as well. This is the world we’re headed for as more people move to cloud services. If you’re going to use the cloud, and in some cases this is the only way to go, you have to consider security as a top priority, not price!
If you’re in the business of selling a cloud-type service, whether it’s SaaS, hosted email, online backup, or some managed service that stores data of any kind for the client, make sure you move security into first place as part of your value proposition. These passwords were stored in clear text – and that is the problem. Every site can be broken into; the question is whether the perpetrators will be detected before they get what they want. Security steps such as encryption make stealing much more difficult, to the point that many won’t even attempt it.
Here’s the RockYou article reported by SC Magazine. http://www.scmagazineus.com/rockyou-hack-compromises-32-million-passwords/article/159676/?DCMP=EMC-SCUS_Newswire
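
An added example, not from the original post or from RockYou: one way to store credentials so that a dumped user table does not hand over the passwords. It swaps in salted PBKDF2 hashing (a one-way function, where the post speaks of encryption) and uses bound SQL parameters; the table layout, function names and sample accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune to your hardware


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted, one-way hash; the password itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def open_store() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")  # in-memory database, for the example only
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db


def register(db: sqlite3.Connection, name: str, password: str) -> None:
    salt = os.urandom(16)  # fresh random salt per account
    # "?" placeholders bind values as data, keeping user input out of the SQL text.
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (name, salt, hash_password(password, salt)))


def verify(db: sqlite3.Connection, name: str, password: str) -> bool:
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        hash_password(password, b"\x00" * 16)  # do equal work for unknown accounts
        return False
    salt, stored = row
    return hmac.compare_digest(stored, hash_password(password, salt))


def dump(db: sqlite3.Connection) -> list:
    """Everything a full read of the users table would expose."""
    return db.execute("SELECT name, salt, pw_hash FROM users").fetchall()


def demo() -> sqlite3.Connection:
    db = open_store()
    # Constructed sample accounts that deliberately share one password.
    register(db, "alice", "correct horse battery staple")
    register(db, "bob", "correct horse battery staple")
    return db
```

Because each account has its own salt, the two identical passwords produce different stored hashes, so a dump does not even reveal which users share a password.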