The company eventually developed an actual solution for the vulnerability, but it involves swapping out the circuit boards of affected locks--and Onity refuses to foot the costs for doing so. A December Ars Technica report suggests the company may be more willing to subsidize replacement boards in the wake of the Texas crime spree, though as of November 30th, Onity had only supplied a total of 1.4 million "solutions for locks"--including those plastic plugs--to hotels globally. In other words, the vulnerability is still very widespread. Epic fail.
Death by a thousand cuts
The year didn't see a massive database breach in the vein of 2011's PlayStation Network take-down, but a series of smaller penetrations came fast and furious throughout the spring and summer. While the release of 6.5 million hashed LinkedIn passwords may have been the most notable hack, it was buoyed by the posting of more than 1.5 million hashed eHarmony passwords, 450,000 Yahoo Voice login credentials, an unspecified number of Last.fm passwords, and the full login and profile information of hundreds of Nvidia forum users. I could keep going, but you get the point.
What's the takeaway? You can't trust a website to keep your password safe, so you should use different passwords for different sites to minimize the potential damage if hackers do manage to puzzle out your login credentials for a given account. Check out our guide to building a better password if you need some pointers.
Dropbox drops its guard
Back in July, some Dropbox users began noticing that they were receiving a large amount of spam in their inboxes. After some initial denials followed by some deeper digging, Dropbox found that hackers had compromised an employee's account and gained access to a document containing user email addresses. Oops! The damage was minor, but the egg on its face was major.