Why the Adobe Hack Scares Me -- And Why It Should Scare You
Ron Czapala
Posts: 2,418
http://www.huffingtonpost.com/adam-levin/why-the-adobe-hack-scares_b_4277064.html?ncid=txtlnkusaolp00000592
Excerpt:
Excerpt:
If you're one of those folks who believed that "it will never happen to me," when it comes to identity theft, the hack of Adobe's internal database isn't just bad news -- it's scary. It is increasingly inevitable that every business will suffer some kind of data breach -- and that each of us will be a victim of identity theft, possibly as a result of one of those breaches. Suddenly, just being careful about your own information is no longer enough to keep yourself safe.
If there is one universal truth about identity theft, it's that you'll never know how bad it is until long after you've been put in danger (if you ever really know). The Adobe hacking situation just illustrates the growing problem with identity theft and how ordinary people are often the real targets of hackers who target big companies.
It all started when Adobe reported the breach of more than 3 million customers' information (including password-identifying information), then upped the number to 38 million. Last week it got a whole lot worse when an outside company found the data of some 152 million Adobe customers on a site frequented by cybercriminals. That could mean that the Adobe hack is the largest in history.
Comments
Yes I consider a companies data bases, like Adobe's, the open internet. You have no clue how they are managed or who has access to your data and they are not regulated in any way.
I put "identity theft" in quotes because I'm not sure what it means. I mean, nobody would want to be me, not even me sometimes:)
If it means those numbers required to get money out of my bank account, well that has been going on since before there was an internet. I have had to get many charges on my credit card undone over the years.
Since the databases have a significant monetary worth, the hacking of it would be a loss of tangible assets to the company...lose enough and you go bankrupt.
Right now you have a situation where companies suffer no punitive penalty for loss of customer data.
Change that and you will see the situation change.
Tie the CEO bonus to the security of customer data and you can bet it will change.
Consider all the NSA data gathering using automated systems that can also be just as eaisly hacked and all that data stolen.
We are talking everything, names, conversations, emails, business secrets, insider knowlege, etc...
Benjamin Franklin had it SPOT ON.
"Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."
The tired old argument, " if you have nothing to hide" is a complete failure, when everyone has something to hide. Like their personal bank account numbers, pins, SSN's, addresses, personal phone numbers, private conversations, etc..
The proper answer is to stop the gathering of data that isn't absolutely necessary.
Does a company REALLY need to keep all your address, cc card info, etc in their servers for someone that purchased something years ago? Isn't it the responsibility of the consumer to make sure all their ducks are in a row when it comes to proof of purchase? Is Printing a receipt, with order #'s and keys etc REALLY that hard to keep in the filing cabinet?
2) Put laws into place that make it mandatory for all companies to purge the customers private financial information once the purchase has been made. All they need is just the person's name and address. That's it.
3) Make identity theft a class 2 felony. You steal and get caught you do 20 years in the same prison as rapists and murderers. No more pats on the wrist like they do now. And the same should go for any company coder that aided and abetted the crime. Second time they're caught they do life. Two strikes and you are out. Guarantee you that many geeks that are into this line of work will think twice if they end up as bubba's punching bag or wife.
Now these laws won't stop stupid greedy geeks, but it will put a lot of them behind bars and make life h**l for them. And everyone we take off the streets is a good thing.
http://news.msn.com/science-technology/big-retailers-studying-your-store-moves
http://news.msn.com/science-technology/is-facebook-following-you-to-the-grocery-store?ocid=msnnws
http://news.msn.com/us/retailers-keeping-tabs-on-consumers-return-habits?ocid=msnnws
So these guys do indeed end up footing a big bill, up to and including the loss of their ability to manage customer credit card details. For a company like Adobe to have to go to third-party infrastructure, that would amount to tens of millions lost each year.
I don't know if I would like to be you, but I sure would like to have your skillset! That Z80 emulation, for instance......I wouldn't even know where to start.
Sincerely,
Doug
Well now, doesn't that just point out a contradiction in a lot of people. It's OK for NSA to have your phone metadata & recordings of stuff and location information from your mobile phone, etc, etc., etc.,.., but not some "hackers" that hacked into Adobe?
Tell me, those who see a difference.....do you know that the character of NSA hackers are better than the ones that hacked Adobe? Do we know that it was not the NSA hackers who hacked Adobe? People make some assumptions based on normalcy bias that just don't hold true.
Think about it.
You forget that your personal data is shared via 3rd parties...so any data of yours that is out there is available in multiple databases...all vunerable to outside viewing.
And your data footprint is everything about you.
Consider it like a computer program where you have a global variable...seen by all the program logic.
I agree that they are paying a cost...but it is obvious that the cost is too low..for the data leaks are continuing.
Has any CEO been held accountable for any company's data leak?
I personally have had several credit cards reissued because of merchant data base compromises. While CC companies are tight lipped about the problem, several have commented that they have had to reissue MILLIONS of new cards because of it.
A recent example...I was talking to the fraud division of a major credit card companie in connection with a card that has been reissued...during the conversation it became obvious that the company had very extensive info on my extended family members...none of which I had given them.
Never underestimate what is known (correct or incorrect) that is known about you and your life.
How can a consumer tell every instance?...you can't if you don't know about it.
The system is set up to vaccum up each bit of info on every American.
The best security is to keep your private life off line.. maybe a separate computer.
I'd be a nervous wreck thinking about it all.
It is just the latest one that has come to light..
This country needs to develop idenification technology ASAP ...which will be an enormous challenge considering the personal privacy issues it raises.
It is basically impossible.
If you keep all your personal data on paper, everyone else has it on computers..which are hackable.