
It’s Getting Harder to Hide Hacks


The Uber hack was an object lesson in the perils of trusting a company to report a data compromise in a timely way, which is why a new hack notification workaround developed by a cybersecurity firm is newsworthy.

Cybersecurity firm Tripwire has figured out a way to detect unreported compromises.

The impulse to hide evidence of an attack, and to keep things mum for as long as possible in the event one happens, is strong. The Uber hack affected 57 million consumers. That’s not a selling point. Since there is ample motivation to guard reputation by covering up data compromises, consumers may feel like they lack the data needed to choose service providers and retailers wisely.

Breach notification laws exist in 48 states and 4 jurisdictions, but the penalties for ignoring those rules are not as steep as the potential for lost business.

Tripwire’s fix involves creating email address/password combinations, registering them at different sites, and then monitoring those accounts to see if a login occurs. The logic here is quite simple. The accounts were strictly for research, so if there has been a login, it means there has been a breach. They are essentially placing tripwires around the forest and waiting for one to be sprung.

Out of the 2,300 sites monitored, 19% of them were compromised. To make matters worse, only one of those sites forced a password change.
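The monitoring logic described above can be sketched in a few lines. This is an added example, not Tripwire's code: it assumes each honey mailbox is registered at exactly one site with the same password, and that the mail provider's login log is available in the simple constructed format shown; all account names, sites, addresses and log lines are made up.

```python
from collections import defaultdict
from datetime import datetime

# Constructed registry: each honey mailbox is registered at exactly one site,
# reusing the mailbox password there, so the mailbox identifies the site.
HONEY_ACCOUNTS = {
    "hx01@mail.example": "shop-a.example",
    "hx02@mail.example": "forum-b.example",
    "hx03@mail.example": "news-c.example",
}

# Constructed mail-provider login log: timestamp, mailbox, result, source IP.
SAMPLE_LOG = """\
2017-11-02T08:14:03Z hx02@mail.example FAIL 203.0.113.7
2017-11-02T08:14:09Z hx02@mail.example OK 203.0.113.7
2017-11-05T21:40:51Z hx02@mail.example OK 198.51.100.23
2017-11-06T02:10:00Z hx03@mail.example FAIL 192.0.2.44
2017-11-06T03:00:00Z user@mail.example OK 192.0.2.10
malformed entry
"""

def detect_breaches(log_text, registry):
    """Return {site: {"first_seen", "logins", "sources"}} for sprung tripwires."""
    hits = defaultdict(lambda: {"first_seen": None, "logins": 0, "sources": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, mailbox, result, src = parts
        site = registry.get(mailbox)
        # Only successful logins to a honey mailbox count; failures may be guessing.
        if site is None or result != "OK":
            continue
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        hit = hits[site]
        if hit["first_seen"] is None or when < hit["first_seen"]:
            hit["first_seen"] = when
        hit["logins"] += 1
        hit["sources"].add(src)
    return dict(hits)

def compromised_share(hits, registry):
    """Fraction of monitored sites with at least one sprung tripwire."""
    sites = set(registry.values())
    return len(set(hits) & sites) / len(sites)

if __name__ == "__main__":
    found = detect_breaches(SAMPLE_LOG, HONEY_ACCOUNTS)
    print(found, f"{compromised_share(found, HONEY_ACCOUNTS):.0%} of sites")
```

Because each mailbox is tied to a single site, a successful login both signals a breach and names the site whose credential store leaked.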

The takeaway: You need to be vigilant. Always practice the three Ms as described in my book, Swiped, and use a password manager to make sure every account you use has a unique security key.

Here are the three Ms:

  • Minimize your exposure. Don’t authenticate yourself to anyone unless you are in control of the interaction, don’t overshare on social media, be a good steward of your passwords, safeguard any documents that can be used to hijack your identity, and consider freezing your credit.
  • Monitor your accounts. Check your credit report religiously, keep track of your credit score, and review major accounts daily if possible. If you prefer a more laid-back approach, sign up for free transaction alerts from financial services institutions and credit card companies, or purchase a sophisticated credit and identity monitoring program.
  • Manage the damage. Make sure you get on top of any incursion into your identity quickly and/or enroll in a program where professionals help you navigate and resolve identity compromises—oftentimes available for free, or at minimal cost, through insurance companies, financial services institutions and HR departments.

And here’s the whole story.