ITProPortal
Experts calling for password abolition following Mail.ru breach
http://www.itproportal.com/news/experts-calling-for-password-abolition-following-mailru-breach
By Sead Fadilpašić
Russian internet giant Mail.ru has been hacked once again, and some 25 million accounts associated with forums run by the company have been compromised.
Russian internet giant Mail.ru has been hacked once again, and some 25 million accounts associated with forums run by the company have been compromised. Among the data that was stolen are usernames, passwords (easily crackable, according to CloudLink), email addresses, phone numbers, birthdays and IP addresses. Security firm CloudLink says theft of this kind of data is worrying, especially with IP addresses involved, as hackers could find a person’s real life address. For the security company, this is yet another proof we need to move away from passwords and into more modern solutions: “Given the severity and regularity of data breaches, it’s clear that passwords are now unsustainable. This latest hack has just added to the long list of large data breaches amongst organisations including Apple, LinkedIn, MySpace, Tumblr and Citrix, yet companies are still risking their client’s security by using passwords,” says Gideon Wilkins, VP of Sales and Marketing at Secure Cloudlink. “The system is flawed and as the appetite for stolen data continues to grow, these breaches will persist unless the IT industry finds a better way of protecting data.” Wilkins says that it doesn’t even matter how well-crafted the password is. If the company handling it doesn’t encrypt it, everything is pointless. “The most concerning angle of this breach is the fact that people’s location may have been exposed, which adds a physical risk on top of the digital element. Even if an individual picks a highly complex password to make it ‘strong’, when a website is hacked, and the website doesn’t encrypt passwords then personal details as well as other high-risk data can still be compromised. Even if passwords are stored in an encrypted format, they can still be stolen and the encryption cracked.” “We have changed the approach and changed the game, the faster a no-password solution is embraced, the less data breaches we will see and the safer user’s data will become,” concludes Wilkins.