As the world continues to move to digital systems to solve its problems, many people have begun relying on email as a modern form of communication. This service is a great way to exchange simple, quick messages between co-workers and friends, but it has a dark side. Email isn't as safe as many people believe it to be.
While it may be great for simple conversations, a lot of businesses rely on email to move private company information between both employees and outside partners. This is a major problem because email addresses are often hacked and used against their owners to allow hackers to access this sensitive data.
Tumblr's breach was huge …
A great example of this exact issue is the cyberattack that befell Tumblr users recently. According to Motherboard's Lorenzo Franceschi-Bicchierai, around 65 million Tumblr accounts had their email addresses and passwords swiped by a cybercriminal. The good news here is that the passwords were salted and hashed, which means random characters were added to each one before it was run through a one-way scrambling function that makes it illegible. This means that the stolen passwords are basically worthless on their own, as a hash cannot simply be decrypted back into the original password.
However, this Tumblr hack poses a problem for users who have attached their email to the site. The addresses were in no way encrypted or hidden, which means hackers now have the names behind millions of people's email accounts. That may not sound like such a big problem, but it very well can be.
People who have found themselves on these lists could be receiving strange emails in the future either asking for personal information or instructing them to click a link attached to the message. This is called a phishing scheme, and it requires hackers to throw a very wide digital net in order to catch a small fraction of their original targets. Even so, employees unaware of this threat could very well infect their own computer or company equipment, showing how big a headache this hack could be.
… but Myspace's was bigger
Although Tumblr certainly had a large email data breach, it pales in comparison with the Myspace incident that was discovered. This particular attack saw the information of more than 360 million users leaked to the hacker behind the intrusion. According to LeakedSource, a site dedicated to researching and logging data breaches, this gigantic number is only the start.
The real problem here is the fact that Myspace took very few precautions in order to protect its users' passwords. Although the site used a particularly weak form of encryption, the major issue is that it didn't salt the passwords like Tumblr did. This makes it much easier for hackers to work backward, figure out how the company scrambled the data in the first place and eventually get a plain text version of it.
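The difference between the two storage schemes described above, as an added example that is not code from either site: SHA-1 stands in for the weak unsalted scheme (the article does not name the algorithm), PBKDF2 with a per-user salt stands in for "salted and hashed", and the accounts and password list are constructed.

```python
import hashlib, hmac, os

# Constructed sample accounts; two users share a password, as reuse makes likely.
USERS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "T7#qv!9zLp"}

def unsalted(password):
    # SHA-1 is a stand-in for the weak, unsalted scheme (assumption, see lead-in).
    return hashlib.sha1(password.encode()).hexdigest()

def salted(password, salt=None, rounds=100_000):
    # Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256).
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, digest

def verify(password, salt, digest, rounds=100_000):
    # Login check: recompute with the stored salt, compare in constant time.
    return hmac.compare_digest(salted(password, salt, rounds)[1], digest)

def exposed_by_one_table(stored, wordlist, hasher):
    # Which leaked records does a single table, computed once, resolve?
    table = {hasher(word) for word in wordlist}
    return sorted(user for user, value in stored.items() if value in table)

def audit():
    weak = {u: unsalted(p) for u, p in USERS.items()}
    strong = {u: salted(p) for u, p in USERS.items()}
    common = ["123456", "password", "sunshine1"]  # constructed common-password list
    return {
        # Unsalted: identical passwords are visible as identical stored values.
        "weak_duplicates": len(weak) - len(set(weak.values())),
        "strong_duplicates": len(strong) - len({d for _, d in strong.values()}),
        "weak_exposed": exposed_by_one_table(weak, common, unsalted),
        # Salted: a table built in advance matches nothing; every record
        # would need its own slow guessing run with that record's salt.
        "strong_exposed": exposed_by_one_table(
            {u: d for u, (_, d) in strong.items()}, common,
            lambda w: salted(w, b"\x00" * 16)[1]),
        "login_ok": verify("sunshine1", *strong["alice"]),
    }

if __name__ == "__main__":
    print(audit())
```

Anyone auditing their own credential store can apply the same duplicate check: repeated stored values across accounts indicate that no per-user salt is in use.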
The reason this is such a huge revelation is the fact that entirely too many people reuse passwords on multiple sites. They think this will make their lives easier, as they only have to remember one or a small handful of phrases, but it's actually one of the worst cybersecurity practices out there. Doing so allows a criminal who's hacked one of your accounts to check if the password works on other profiles, thereby spreading his or her influence.
This means that hackers who've gained access to Myspace email addresses could monitor any activity going through those accounts. What's more, a smart criminal would also be able to leverage this toward getting into any account linked to the compromised address, whether it be a Facebook profile or even a work email. A simple case of password reuse could result in a breach of company information if a hacker plays his or her cards right.
What should you do if you think you've been compromised?
Although both of these attacks should certainly grab your attention, there are some actions you can take to mitigate any further problems. Both of these sites have since reset passwords for users who have been affected, but it certainly wouldn't be a bad idea to check any email addresses linked to these accounts for suspicious activity.
The best way to do this is to log into these profiles, but you can also quickly check to see if you've been compromised. The site haveibeenpwned.com is allowing people to enter their email address to see if they were a part of the breaches. This particular tool also uses databases from multiple other attacks, so regardless of whether you think you were involved in these attacks, it might just be a good idea to check.
After this, company leaders should sit down with employees and explain the risks of reusing passwords and linking personal accounts to work email addresses. Most workers aren't doing this because they don't care about company security or have malicious intentions – they often just don't know what they're doing is unsafe. During this meeting, it would also be a good idea to explain the dangers of phishing, and why staff members should never click on a link in a message from an unknown sender. Malware that finds its way onto a machine linked up to your organization's network can sometimes allow it to spread to other computers, thereby jeopardizing the safety of information sent and received all over the office.
Email just isn't secure enough
Clearly, relying on email to transfer sensitive information isn't safe. This service obviously has its merits, but security just isn't one of them. Therefore, companies looking to beef up their cybersecurity practices should definitely look into Fax over IP. This service takes advantage of the immensely secure document transfer technology behind faxing, while also enabling users the convenience of email. It's a solid combination that can help ensure your private company records get where they need to be without being intercepted.