2012's worst security exploits, fails and blunders

Stolen social security numbers. Erased online identities. Pilfered payment information. Yep, 2012 was a banner year for the bad guys.

By Brad Chacos, PC World |  Security, privacy

At the same time, a very small number of users had their Dropbox accounts actively broken into by outside sources. Investigations revealed that the hackers gained access to the accounts because the victims were reusing the same username/password combination across several websites. When the login credentials were leaked in a breach at another service, the hackers had all they needed to unlock the Dropbox accounts.

Dropbox's woes highlight--again--the need to use separate passwords for different services, as well as the fact that you can't trust the cloud completely yet. You can take cloud security into your own hands with the help of a third-party encryption tool.

Millions of South Carolina SSNs pilfered

Speaking of encryption, it would be nice if the government followed basic security principles.

After a massive October data breach resulted in a hacker obtaining the social security numbers of a whopping 3.6 million South Carolina citizens--in a state with just 4.6 million residents!--state officials tried placing the blame at the feet of the IRS. The IRS doesn't specifically require states to encrypt the SSNs in tax filings, you see. So South Carolina didn't--though it plans to start now, hindsight being 20/20 and all.

On the kinda positive side, debit and credit card details of 387,000 South Carolina citizens were also swiped in the digital heist and most of those were encrypted, though that's likely little solace for the 16,000 people whose card details were stolen in plain-text form.

Skype's massive security flaw

In November, Skype users temporarily lost the ability to request a password reset for their account after researchers identified an exploit that allowed anybody to gain access to a Skype account as long as the person knew the email address associated with the account. Not the account password, not the security questions--just the simple email address alone.

Skype quickly plugged the hole when it caught the public eye, but the damage had already been done. The vulnerability was floating around on Russian forums and actively being used in the wild before it was shut down.

Hackers steal 1.5 million credit card numbers

Originally published on PC World.