Is there such a thing as "Confidential Customer Credentials" anymore?Article By: Jeremy Bannister (CYBER SECURITY EAGLE)
Recently there was information released about Google’s G-mail customer user account credentials becoming the latest to be put on sale on the Dark Net, along with numerous Yahoo customer user account credentials that stem from numerous cyber-attack incidents spanning from the last 3-4 years. It seems that no company is safe or immune to the exposure of confidential customer user credentials becoming compromised. Every day there seems to be a different security incident leaked or reported that involves customer user profile credentials becoming exposed for unlawful profit. This is just one of the latest security breaches that have risen to the surface of public knowledge.It is becoming very clear to me, that it is almost impossible for any company that offers web services to obtain customer user profile credentials confidential and secure from Cyber-Attacks carried out by hackers. These hackers have been exposing and posting customer user credentials for sale on the Dark Net for a lucrative unlawful profit. Yahoo has been breached on three separate occasions and each security incident has had customer user profile credentials compromised within the last three to four years. These security incidents, in turn, have cost the company a ton of money just in between the negotiation process and the finalized sale of the company to Verizon for around $925 million less than originally agreed sale price. This does not even sum up the overall expected financial loss and overall loss of reputation projected to impact Yahoo due to these three security breaches.There have been several other web service companies also exposed with similar security incidents that have compromised or exposed customer user profile credentials to Cyber-Attacks. This is why it is so very clear to me as a Cyber-Security Professional and web service customer, that it is going to be up to the customer or consumer of these or any other web services to protect their own user profile credentials. After all, you cannot put a price on an individual’s identity or their user credentials that are used to keep user profile secure & confidential. Therefore, end users of web services need to become proactive and educated on the best security practices for maintaining secure & confidential credentials for their user profiles associated with various web services. There are several tools and web articles that can help accomplish this very necessary action needed to be carried out by all web service end user customers. These are just two of the many websites that can offer education and advice on the best security practices to maintain secure user profile credentials (https://security.fnal.gov/UserGuide/password.htm) & (http://cnc.ucr.edu/security/userbp.html).Remember:
Always take extra precautions when dealing with any items or credentials that are linked to your personal and online identity. There is no price tag that can be placed on protecting one's information or identity.