Data leaks at Stratfor and Care2 mark the end of a year riddled with data theft


by Chester Wisniewski on December 30, 2011 | 2 Comments

Filed Under: Data loss, Featured, Podcast, Privacy

Was 2011 the year of the data leak? Could be, but it is hard to tell.

From my vantage point writing daily about the most important stories in information security, data theft may not have been the most important story of 2011, but it certainly impacted more regular people and raised their awareness about the problem of all of their data being "in the cloud".

I shared my thoughts on this today with John Moe on Marketplace Tech Report from American Public Media in the United States.

You can listen to my thoughts on 2011 alongside John Moe, Jonathan Zittrain, Susan Crawford and Danah Boyd in this four minute podcast.

(30 December 2011, duration 4:00 minutes, size 1.9 MBytes)

While Anonymous/LulzSec dominated the data breach headlines, what became clear was that more and more organizations are collecting data about us and doing a poor job of protecting that information.

Compliance rules like HIPAA/HITECH, PCI and others are not really having their intended impact: health records, credit cards, passwords, birth dates and more were all stored insecurely, often on woefully unpatched systems.

The number of records stolen was enormous. Sony alone was hacked more than 20 times and lost over 100 million records.

The bulk email marketing company Epsilon leaked names and email addresses from some of the world's most trusted brands like Best Buy, Marks & Spencer, Marriott Rewards, Walgreens and Chase Bank.

South Korean social media users were hit hard when Cyworld and Nate were compromised (both owned by SK Communications) and hackers made off with more than 35 million records.

Like video games that aren't related to Sony? Chances are your data was leaked when the Steam user forums were breached or when Square Enix was hit twice in 2011.

Citibank credit card users had their card information compromised, affecting more than 200,000 people, as did customers of the handmade cosmetics company Lush.

Of course the biggest story at the end of 2011, wrapping up the year of unsecured data has been the attack Anonymous made on Stratfor.

Stratfor, a company focused on security intelligence services, was attacked by Anonymous who have allegedly acquired 75,000 addresses, credit cards and names of their customers and then posted them publicly.

Sadly, it seems companies still aren't learning the lesson of protecting their customers' information, even after all of these headlines and the millions of dollars in lost reputation for the companies involved.

It was brought to my attention that Care2.com's website was hacked, revealing usernames and passwords for the site's nearly 18 million users.

Naked Security reader Bob emailed us to point out that Care2 is storing passwords insecurely.

Rather than storing passwords as a salted cryptographic hash, which would not reveal their customers' passwords if stolen (or would at least make recovering them much more difficult), they are storing them either in plaintext or in a reversible format.

According to the company's own FAQ about the data breach: "Q. What can I do to recover my password?
A. Visit http://www.care2.com/retrieve_password Enter your user name or email address in the green box titled “Forgot your password or log-in name?” Your password will be emailed to you."

Care2 FAQ

Really!? After the attackers made off with all of your customer information, you are still following the same insecure practices that put your customers' information at risk in the first place?
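As an added example (not code from the article or from Care2), this is what the salted-hash storage described above looks like in practice, together with the one-time reset token that replaces a "your password will be emailed to you" feature; the PBKDF2 parameters, the record format and the sample users are my own assumptions.

```python
# Added example (not the article's or Care2's code): storing passwords as a
# salted, iterated hash, so a stolen user table does not reveal them and the
# site itself cannot "email your password back"; it can only issue a reset.
import hashlib
import hmac
import os

ITERATIONS = 200_000  # PBKDF2 work factor; raise it as hardware gets faster
SALT_BYTES = 16

def store_password(password: str) -> str:
    """Record kept in the user table: algo$iterations$salt$hash (all hex)."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt for every user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    algo, iters, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)

def issue_reset_token() -> tuple[str, str]:
    """What replaces 'your password will be emailed to you': a random one-time
    token goes in the email, and only its SHA-256 is stored server-side."""
    token = os.urandom(32).hex()
    return token, hashlib.sha256(token.encode()).hexdigest()

def reset_token_matches(presented: str, stored_hash: str) -> bool:
    digest = hashlib.sha256(presented.encode()).hexdigest()
    return hmac.compare_digest(digest, stored_hash)

def demo() -> dict:
    """Constructed users: equal passwords give distinct records (per-user
    salt), only the right password verifies, and a reset token round-trips
    without any plaintext password ever being stored."""
    pw = "correct horse battery staple"
    alice, bob = store_password(pw), store_password(pw)
    token, stored = issue_reset_token()
    return {
        "records_differ": alice != bob,
        "right_password": verify_password(pw, alice),
        "wrong_password": verify_password("Tr0ub4dor&3", alice),
        "reset_token_ok": reset_token_matches(token, stored),
    }
```

Because the stored record holds only a salt and a one-way digest, a "retrieve my password" page cannot exist on top of it; a reset token that expires after one use is the only recovery path.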

Where does this leave us? Think carefully about who you share personal information with, and before doing so carefully weigh whether they need that information or not.

And for the sake of all of your digital presence use unique passwords for every site you access. There are great tools to help you like Keepass or LastPass.

To quote American folk singer Pete Seeger "When will they ever learn? When will they ever learn?".


Tags: 2011, Care2, Citibank, Cyworld, DataLossDB, epsilon, Marketplace, passwords, Sony, Square Enix, Steam, Stratfor

2 Responses to Data leaks at Stratfor and Care2 mark the end of a year riddled with data theft

Jon W says:
December 30, 2011 at 11:17 pm

Dear care2:
Instead of emailing our passwords back, why not just post a list of the email addresses & passwords on Facebook and we'll just pick out some to use...?

jessi slaughter says:
December 31, 2011 at 4:18 am

dropping the pete seeger reference in a stratfor story! well done chet, have a very happy new years!


About the author: Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski or send him an email at chesterw@sophos.com.
