IT Security Expert: Not Only CityBee Has Leaked




Well, well, we learned that CityBee, possibly due to negligence by IT professionals and improper cybersecurity practices, lost a database with the personal data of 114,000 users: names, surnames, easily decipherable passwords, personal codes, driver’s license numbers. The person who found and sold the data declares in online forums that this was not data theft by hacking, just the taking of publicly available data. That is, according to the person presenting himself as the seller of the CityBee data, the data had been placed in a little-known, hard-to-find but unprotected location, and taking it was not a crime because nothing was broken into. And what about that?

Numerous conclusions can be drawn from this.

First – Many people who have been very careful to protect their privacy, but who entrusted their data to CityBee because the terms of service required it, have now lost that privacy and have become potential targets for hackers.

Attackers collect data on people from a variety of data sources, using OSINT and other tools available to them. Gathering data into profiles that can be used for targeted attacks is a time-consuming and labor-intensive task, and here are full profiles of pure and real (albeit somewhat outdated) data.

Even worse is the situation with passwords. They were not adequately protected against decryption, so hash libraries available for free or for a fee can recover most of those passwords. Finally, even if such libraries are not available, a powerful gaming video card can generate tens or even hundreds of millions of hashes per second and compare them with what is in the database. Some of these passwords are likely to be used on other systems, allowing criminals to attack user accounts other than CityBee.

Also, a password leaked with this database can reveal the principles by which a person comes up with different passwords. Those who use the password citybee123 in the CityBee system are likely to use the same rule in other places, say paypal123 in the PayPal system. So we get enough information about a person from such a data set to try to attack him in one way or another. This is the end of my privacy and the privacy of the other people in that data set,” cybersecurity specialist Darius Šveikauskas told 15 minutes.

This means that once you have fallen into this CityBee data loss meat grinder, it is not enough to change only a password that was used for CityBee and reused in the same form for other services (which would be very poor password practice). Even the smartest users who have devised a password system will have to change it and abandon the easily predictable password generation strategy.

Recurring numbers such as dates of birth, “lucky numbers” and primitive number sequences like 12345 should be avoided. The same goes for words: it is not safe to use the name of the system you are connecting to in the password. The same applies to the habit of using the name of a partner, a pet or one's children, because these details can easily be collected from social network profiles. The password generation system should be hard to predict, so that in cases like this one the passwords of other systems and accounts cannot be guessed.
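The following self-audit sketch is an added example, not part of the original article: it checks a person's own service-to-password list for the habits described above (the citybee123 / paypal123 rule, simple digit sequences, personal details). The function names, the sample vault and the pet name and birth year are hypothetical and constructed for illustration.

```python
import re
from collections import defaultdict

def template(password, service):
    """Replace the service name inside a password with a placeholder."""
    return re.sub(re.escape(service), "{service}", password, flags=re.IGNORECASE)

def has_digit_run(password, min_len=3):
    """True for runs such as 123, 321 or 111 of at least min_len digits."""
    for group in re.findall(r"\d+", password):
        for step in (1, -1, 0):
            run = 1
            for a, b in zip(group, group[1:]):
                run = run + 1 if int(b) - int(a) == step else 1
                if run >= min_len:
                    return True
    return False

def audit(vault, personal=()):
    """Return {service: [reasons]} for a {service: password} mapping."""
    by_template = defaultdict(list)
    for service, pw in vault.items():
        by_template[template(pw, service)].append(service)
    findings = {}
    for service, pw in vault.items():
        reasons = []
        tpl = template(pw, service)
        if tpl != pw:
            reasons.append("contains the service name")
        others = [s for s in by_template[tpl] if s != service]
        if others:  # same password or same generation rule used elsewhere
            reasons.append("same rule as: " + ", ".join(sorted(others)))
        if has_digit_run(pw):
            reasons.append("simple digit sequence")
        for term in personal:
            if term.lower() in pw.lower():
                reasons.append("contains personal detail: " + term)
        if reasons:
            findings[service] = reasons
    return findings

# Constructed sample data; the first two passwords are the article's examples.
SAMPLE_VAULT = {"citybee": "citybee123", "paypal": "paypal123",
                "forum": "Rex1985!", "bank": "vK9#tq2LmZ0x"}
SAMPLE_PERSONAL = ["Rex", "1985"]  # hypothetical pet name and birth year

if __name__ == "__main__":
    for service, reasons in audit(SAMPLE_VAULT, SAMPLE_PERSONAL).items():
        print(service, "->", "; ".join(reasons))
```

Passwords that share a template are flagged together, so a single leaked entry shows which other accounts need a new, unrelated password.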

Second – Just because we know that CityBee has been hit doesn’t mean they are the only ones to have suffered such a cybersecurity fiasco.


