With major security breaches — such as the recent Ashley Madison scandal — making their way into headlines, it becomes clear that relying on encryption to keep your sensitive data secure could be an unwise and costly decision.
The damage done to Ashley Madison as result of their data breach was undeniably severe:
- The data dump consisted of 9.7 gigabytes of stolen information on over 32 million users, of approximately 40 million total who were signed up with Ashley Madison at the time.
- The leak exposed all information on each user, including name, address, email, and phone number.
- It also exposed the users’ payment methods and other sensitive financial information.
Even after the devastating consequences of such a breach, representatives at Ashley Madison maintained that password encryption should’ve been enough to keep hackers out. However, could this be the case, really?
While it is certainly true that the passwords were protected with strong encryption, there was a file amidst the leaked data that contained millions of passwords that were stored using a much weaker version of encryption.
These poorly protected passwords did not even require upper and lower case letters, which is usually a standard in password security protocol. Upon discovery of this particular file, it was a simple matter for the attackers to experiment and crack the encryption using brute force methods of hacking.
An Important Lesson For IT
As a result of the data breach, Ashley Madison taught the IT world a crucial lesson. Security tools cannot be relied upon solely for the protection of sensitive company information. These tools need to be implemented properly throughout user practices, specifically because human error accounts for almost one-fifth of all reported security breaches. One form of security simply isn’t enough; a comprehensive array of security procedures is necessary for any company that doesn’t want to end up like Ashley Madison.
Contact Quality IT Solutions today to learn more about encryption and other security tools that can ensure the protection of your company’s sensitive data. Reach out to us at (561) 200-8120 or send an email to firstname.lastname@example.org for more information.