Passwords are the biggest threat to GDPR compliance
(Last updated on February 17, 2020)
With the General Data Protection Regulation (GDPR) in full effect, data protection authorities have imposed their first fine in Germany. In late 2018, local chat platform knuddels.de was fined €20,000 for storing passwords without encrypting them. As a result, hackers were able to extract and expose 330,000 credentials. The more recent Collections #1-5 leak, dubbed the biggest data dump in history, includes more than 2.2 billion unique usernames and associated passwords. The GDPR consequences of that breach remain to be seen.
The Collections leak comes just after the shocking news of a 20-year-old hacker leaking the personal information of 1,000 high-profile individuals in Germany. The politicians, celebrities, and journalists had their personal information hacked because of bad passwords. While the young man was acting alone, the relative ease with which he exposed high-profile targets is shaking the world of cyber security in Germany.
There is no excuse for a company that overlooks the threat of a breach. These incidents should remind everyone that if you don't take cyber security seriously, you will pay for it in data security. Continue reading to learn more about how you can protect your personal information. If you are a company processing user data, you will also find some practical tips on how security design can help you avoid the most common password vulnerabilities.
How to protect your data
The Collections leak made headlines when cyber security expert Troy Hunt added the leaked account and password information (from Collection #1) to Have I Been Pwned. This free service makes it possible for people to safely check whether their account information or password has been compromised.
You can check whether your email address is included in the Have I Been Pwned list. Just because your email might have found its way into one of these database leaks does not necessarily mean you need to panic. In order to truly gain access to your private information, the hackers will also need your password. You should be concerned if you rely on weak passwords for any of the accounts where your exposed email is used as the login. If both your email(s) and password(s) are leaked, it becomes very easy for an attacker to try those credentials against other sites (credential stuffing) and access even more data. Turning on two-factor authentication is a good way to protect your accounts, especially those that contain your banking or private information.
How organizations can protect their data
Specops Password Blacklist is a hosted service with a continuously updated list of previously leaked passwords. The service works together with Specops Password Policy so that companies can block passwords found on the password blacklist. The service blocks people from choosing banned passwords and informs them as to why they cannot use the password.
Specops Password Blacklist currently contains over 2 billion vulnerable passwords, making it a comprehensive blacklisting service for any organization that wants to eliminate weak passwords, or meet compliance requirements regarding password security.
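As an added illustration of the blacklist check described above (example code written for this page, not Specops' own implementation), the following password-change check rejects a candidate password found in a constructed sample of leaked passwords and tells the user why. The lookup compares SHA-1 hashes by a five-character prefix bucket, the same k-anonymity style range lookup Have I Been Pwned uses for Pwned Passwords, so the full hash of the candidate never has to leave the checking component; `lookup_suffixes` stands in for the hosted blacklist service.

```python
import hashlib
from collections import defaultdict

# Constructed sample of passwords known from public leaks. A real deployment
# would draw on a continuously updated feed of billions of entries.
SAMPLE_LEAKED_PASSWORDS = ["password", "123456", "qwerty", "Summer2019!", "letmein"]


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the password, the form used by range lookups."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_prefix_index(leaked_passwords):
    """Index leaked hashes by their first 5 hex characters.

    Only the prefix is ever sent to the blacklist; the remaining 35
    characters are compared locally against the returned bucket.
    """
    index = defaultdict(set)
    for pw in leaked_passwords:
        h = sha1_hex(pw)
        index[h[:5]].add(h[5:])
    return index


BLACKLIST_INDEX = build_prefix_index(SAMPLE_LEAKED_PASSWORDS)


def lookup_suffixes(prefix: str):
    """Hypothetical stand-in for the blacklist service's range query."""
    return BLACKLIST_INDEX.get(prefix, set())


def check_new_password(candidate: str, min_length: int = 8):
    """Return (accepted, reason); the reason is shown to the user on rejection."""
    if len(candidate) < min_length:
        return False, f"Password must be at least {min_length} characters long."
    h = sha1_hex(candidate)
    prefix, suffix = h[:5], h[5:]
    if suffix in lookup_suffixes(prefix):
        return False, "This password appears in a list of previously leaked passwords; choose a different one."
    return True, "OK"


if __name__ == "__main__":
    for pw in ["Summer2019!", "123456", "correct-horse-battery-staple"]:
        print(pw, check_new_password(pw))
```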