Reviewing the EmuParadise Breach
By Matthew Tyler, CEO, Blackfoot
We recently came across an article by Infosecurity magazine discussing the loss of 1 million gamers’ data in the April 2018 EmuParadise breach. Our view is that this just adds to the 5 billion user names and passwords already available online. As an organisation, the ramifications for your reputation can be massive.
If you must get customers to log in, you must keep them safe.
In terms of the EmuParadise breach, at least these were hashed passwords. Just badly hashed. This smacks of either box ticking or a lack of understanding.
Here are some tips:
- If you must store passwords, don’t store them in the clear.
- Don’t encrypt them, as encryption is really hard to manage well. It doesn’t matter how good the lock is: if you don’t know where all the keys are, it’s not secure.
- Hashing is better as it’s one way, but hashing must be kept up to date.
Moore’s Law states that computer processing power doubles every 18 months, meaning that what used to take 10 years to crack can, in some cases, now be cracked in seconds.
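One way to keep hashing up to date, shown as an added example that is not part of the original article: store the work factor with each hash and re-hash at the current work factor whenever a user logs in successfully. PBKDF2-HMAC-SHA256, the record layout and the iteration counts are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ALGO = "pbkdf2_sha256"
# Assumed policy value for this example; review and raise it as hardware gets faster.
CURRENT_ITERATIONS = 600_000


def hash_password(password, iterations=CURRENT_ITERATIONS):
    """Return a self-describing record: algo$iterations$salt_hex$hash_hex."""
    salt = os.urandom(16)  # unique random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${digest.hex()}"


def verify_and_upgrade(password, stored):
    """Check a login attempt against a stored record.

    Returns (ok, new_record). new_record is a replacement record when the
    password was correct but hashed with an outdated work factor, else None.
    """
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
        iterations = int(iters)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False, None  # malformed record: fail closed
    if algo != ALGO:
        return False, None
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    if not hmac.compare_digest(candidate, expected):  # constant-time comparison
        return False, None
    if iterations < CURRENT_ITERATIONS:
        # The plaintext is only available at login, so upgrade the record now.
        return True, hash_password(password)
    return True, None


if __name__ == "__main__":
    # Constructed legacy record using a work factor that is now too low.
    legacy = hash_password("correct horse battery staple", iterations=1_000)
    ok, upgraded = verify_and_upgrade("correct horse battery staple", legacy)
    print("login ok:", ok)
    print("old work factor:", legacy.split("$")[1])
    print("new work factor:", upgraded.split("$")[1])
```

The caller writes the returned record back to the user store in place of the old one, so weakly hashed records are replaced as users log in.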
As GDPR and data protection bite, it will start to become harder to steal these goldmines. So will using mobile authentication, as our biometrics aren’t stored by the company that needs to authenticate you, and that company doesn’t need to maintain or secure user names and passwords.
If you have any concerns about how cyber-secure your business is, or would like a cyber scorecard to rate the effectiveness of your cyber spend, contact us today.