Skip to Main Content

Identity is Security: Sitting Ducks

If you like to sell your used items on eBay, you may want to read this first. According to Blancco Technology Group, 42% of used drives sold on eBay are holding sensitive data, with 15% containing personally identifiable information. The study analyzed 159 drives purchased in the U.S., U.K., Germany, and Finland. The information found included: a drive from a software developer with a high level of government security clearance (including scanned images of family passports and birth certificates), university student papers and associated email addresses, and 5GB of archived internal office email from a major travel company. That’s quite a lot of sensitive data for a stranger to have. Needless to say, prepare to erase your hard drives before you sell them to an online marketplace. It’s a no-brainer for me already, but these survey stats certainly drive the point home.

In other news, a team at vpnMentor stumbled upon another unprotected database in the United States while performing an internet-wide sweep of unsecured cloud databases. This particular database they found was quite unusual. The archive contained records for over 80 million U.S. households, but here’s the ‘unusual’ part. The data was of people over the age of 40. Their information—names and addresses—were left unencrypted and easy to see. It was reported that the database was left without any kind of password at all and it also included data (albeit coded) of their gender, income level, and marital status. Without any password at all, it doesn’t matter if certain data is encrypted or not. The data is a sitting duck as any skilled hacker can lift the personal data from a database and sell it on the dark web. Not only do we each need to be ever-vigilant with how we protect our personal data from theft (with strong passwords, for starters) but even that isn’t always enough, as this news item so clearly points.

And speaking of passwords, this Thursday we celebrated World Password Day by publishing a blog by our CMO Juliette Rizkallah. In Juliette’s blog, she reminds us of the following three key steps to remember when dealing with passwords.

  1. Don’t keep
  2. Don’t reuse
  3. Don’t make them simple

And what exactly makes a good password? We asked a few people around the office what they think makes the perfect password. Check out what they said here.

With that, we leave you to wrap up your week. Let us know what security stories caught your eye.