Jump to content

Great, another Acer database gets hacked


Recommended Posts

Digerati

What will be interesting to learn (if we ever do) is how the bad guys got in. 

 

It is impossible for any network that connects to the internet to ensure it is 100% secure or hacker-proof. If, for example, the bad guys were able to breach through a previously unknown vulnerability, that is unfortunate, but hard to blame Acer for. 

 

But if the bad guys were able to breach the network through a known vulnerability for which there was a patch already available to secure it, but Acer failed to apply that patch in a timely manner, then someone at Acer needs to be held accountable, and potentially charged with criminal negligence and spend some time in prison. 

 

What bothers me is apparently, the user information stored on those servers appears to have been stored "in the clear" - that is, not encrypted. Why?

 

This is what made the massive Equifax breach so offensive. It could have easily been prevented. The program developers had previously discovered the vulnerability, developed and distributed the security patch to Equifax months before the breach. But Equifax IT and network security personnel failed to do their jobs and apply it. They didn't just delay installing it - they never installed it. 🤬

 

The Equifax managers and execs also failed to do their jobs by failing to impress upon the their IT and security personnel any sense of urgency to do their jobs. 

 

But worse, none of the personal information of the 143 million people was encrypted. So not only were the bad guys able to easily gain access, once inside, they could easy read people's credit information, including full names, addresses, Social Security numbers, driver's license numbers, and more. If it had been encrypted (an easy process), then even if the network was breached, all the bad guys would have got was a bunch of gobbledygook. But that didn't happen either. :(

 

And the only one held accountable in any sort of way is one exec, who learned about the breach a few days before it was publicly announced, who was charged with "insider trading" for selling off his Equifax stocks before the prices tanked. :(

 

Circling back to Acer - what the Equifax breach (and countless other breaches :( ) told other companies is that they don't have to worry about security because no one will be held accountable if they fail - even through total negligence - to secure users' personal information. :(

  • +1 1
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...