Today, it should be less and less surprising that mobile devices and mobile apps are the new shiny object for hackers, as they are the gateway to online banking information and other personal information on consumers and corporate data, and more importantly, the corporate network for business users. In the short term, Wishbone users should change their passwords, use two-factor authentication and regularly check their credit card statements for fraudulent charges. In some respects, people just don't care. Read Lessįorty million users one day, and 100 users the next, leaves most consumers desensitized and unaware that mobile device vulnerabilities and the theft of identities and personal information generates trillions of dollars for hackers and crime groups. Cautionary stories like this one should encourage organizations to rethink not only their security measures and tools but also their processes in collecting, handling, and storing sensitive data, because data breach and theft can happen to anyone. Encrypted or tokenized data, however, could not be listed for sale on the dark web because it becomes undecipherable without the necessary key, therefore reducing the likelihood of data exposure during a breach, and maintaining the security of valuable personal information.
#WISHBONE APP DELETE ACCOUNT PASSWORD#
Unfortunately, in this case the stolen passwords were in MD5 format, a weak form of password hashing which can be decoded by malicious actors and therefore monetized through sale on hacking forums. Tokenizing this data would have rendered that sensitive information meaningless to a hacker or bad actor and therefore worthless to any potential buyers. If data tokenization had been applied to the personal information of the 40 million registered Wishbone users, then they may have avoided a serious scandal which saw valuable information such as email addresses, phone numbers and usernames breached.
0 kommentar(er)
