Jump to content

Great, another Acer database gets hacked

crp

By crp
in Security & Networking

 Share

Recommended Posts

Digerati

Digerati

Posted
Posted

What will be interesting to learn (if we ever do) is how the bad guys got in. 

 

It is impossible for any network that connects to the internet to ensure it is 100% secure or hacker-proof. If, for example, the bad guys were able to breach through a previously unknown vulnerability, that is unfortunate, but hard to blame Acer for. 

 

But if the bad guys were able to breach the network through a known vulnerability for which there was a patch already available to secure it, but Acer failed to apply that patch in a timely manner, then someone at Acer needs to be held accountable, and potentially charged with criminal negligence and spend some time in prison. 

 

What bothers me is apparently, the user information stored on those servers appears to have been stored "in the clear" - that is, not encrypted. Why?

 

This is what made the massive Equifax breach so offensive. It could have easily been prevented. The program developers had previously discovered the vulnerability, developed and distributed the security patch to Equifax months before the breach. But Equifax IT and network security personnel failed to do their jobs and apply it. They didn't just delay installing it - they never installed it. 🤬

 

The Equifax managers and execs also failed to do their jobs by failing to impress upon the their IT and security personnel any sense of urgency to do their jobs. 

 

But worse, none of the personal information of the 143 million people was encrypted. So not only were the bad guys able to easily gain access, once inside, they could easy read people's credit information, including full names, addresses, Social Security numbers, driver's license numbers, and more. If it had been encrypted (an easy process), then even if the network was breached, all the bad guys would have got was a bunch of gobbledygook. But that didn't happen either. :(

 

And the only one held accountable in any sort of way is one exec, who learned about the breach a few days before it was publicly announced, who was charged with "insider trading" for selling off his Equifax stocks before the prices tanked. :(

 

Circling back to Acer - what the Equifax breach (and countless other breaches :( ) told other companies is that they don't have to worry about security because no one will be held accountable if they fail - even through total negligence - to secure users' personal information. :(

  • +1 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...