It has been a helluva week to say the least. But before I get to the cavalcade of compromised companies, let’s roll back the clock to July 2012. That summer I was simply gobsmacked by the number of breaches that were cropping up in the news. It was somewhat daunting at the time. Just the sheer volume of records that were leaked was troubling.
I was wondering when the bleeding would stop. I thought I was being witty when I dubbed the breaches the “Summer of Breach”. Only, it didn’t stop there. Here we are 4 years later and I’m having some flashbacks regarding at least a couple of the reported breaches. Now I've decided to start tracking breaches with Wednesday reporting, hence humpday.
In the case of the Dropbox breach I could not help but recall an article from 2012.
While the spam largely contained messages related to European casino scams, and doesn’t seem to have any other impact beyond annoyance at this point for the affected users, its mere existence is now seemingly pointed to a more definite possibility that Dropbox was actually hacked.
According to Dropbox engineer Joe Gross, the outage Dropbox experienced yesterday was “incidental and not caused by any external factor or third party.”
Hindsight is something else in moments like this. The breach news this past week held that a breach took place at Dropbox in mid-2012 and 68 million user accounts were exposed. Um, about that...
The other piece that caught my attention was the Last.fm data breach that hit the headlines as well. Apparently 43+ million user accounts in this case were exposed in March of 2012. I’m seeing a theme developing here.
This caused me to recall this article:
The company didn’t explain why it believed a breach to have occurred but the tone of apologetic urgency was unmistakable.
“We are currently investigating the leak of some Last.fm user passwords. This follows recent password leaks on other sites, as well as information posted online,” said a notice on Last FM’s site posted late on 7 June.
So, two breaches that took place in 2012 have come back to haunt the victims? Curious, to be certain. I’m not usually one to draw connections like this, but you can’t really help but wonder based on the timing and prior articles.
Here is a list of some of the larger breaches that came to light (again) this past week.
Who: Dropbox
What happened: 68 million accounts exposed
What do you do: Reset your password if you have not done so.
Who: Kimpton hotels
What happened: Payment system breach
What do you do: Check your credit card statements for anything out of the ordinary.
Who: Last.fm revisited
What happened: 43+ million accounts breached. Possible result of a phishing attack.
When: March 2012
What do you do: Reset your password as per the company.
Who: SWIFT
What happened: Financial institutions compromised.
When: Unclear from the letter sent to clients.
What do you do: Nothing unless you’re a bank using SWIFT.
The long and the short of it is that this summer of breach simply seems to carry on for years. How do so many of these data breaches keep happening? Does anyone really care anymore?