Is anything sacred on the Internet? Well, if recent revelations are anything to go by, no, not really. If you are concerned about your personal information, then you might want to look away now.
It appears that Dropbox, an online service that allows you to store photos, documents and other media online, has accidentally opened up all accounts as a result of an update. Cue hundreds of irate customers taking the company to task on their blog and a PR meltdown. Whilst the issue has now been resolved, the damage has yet to be properly assessed.
However that is a mere drop in the ocean compared to the potential data leakage perpetrated by LulzSec. The notorious hackers today announced that they had obtained all records from the latest UK census – that’s 40 million+ records. So if you sent in your information in good faith, it could well be available to all and sundry – if the claims are to be believed of course.
In the case of Dropbox, unfortunately mistakes do happen. Whether it’s human error, as appears to be the case here, or something more fundamental, a security breach can be unnerving for customers – particularly in such a competitive market. If not properly dealt with, a small issue can snowball into widespread public panic.
However, many would argue that anger is an appropriate response, particularly for those paying the premium price for secure storage. Whilst some appreciate a company being open and honest about a breach, invariably some will be far too indignant to accept any form of apology – particularly one that is only printed in a blog post.
For LulzSec, the big question is, as always, why was security so lax? These are professional hackers who have been responsible for high level Government intrusions throughout the world. Lockheed were charged with keeping the data safe and carrying out all necessary processes (getting paid £150m to do so) and appear to have allowed the data to slip through their grasp. So is anything actually safe from hackers and those with malicious intent?
It’s a dangerous world out there, particularly for those storing or sharing data online. Whilst police claim to have arrested a 19-year-old in Essex who is alleged to have masterminded LulzSec (although #AntiSec claim that ‘Ryan’ was simply in charge of IRC and the 6 main members are still at large – see below), there will always be someone else willing to take on the baton and continue testing the security of large corporations and Governments. If they can hack Sony and the Census, what else may they be capable of? A group of people intent on chaos is next to impossible to shackle.
As for Dropbox, well, they have learned a valuable lesson in testing and customer care. A self-created issue may be easier to rectify; however, their reputation has been severely dented. Like Lockheed (if LulzSec do release the supposed data), they have to regain the trust of customers and reassure them that their security is tight. However, for many, this will simply provide ammunition to their belief that the Internet isn’t a safe place to store any personal information.
Regardless of the legitimacy of all claims, it’s been a bad news day for the world of online security.
Well, as many have already suggested, listening to online rumours can easily backfire; as is the case with this LulzSec story. They have been highly active on Twitter, deleting some posts and denying certain stories, and it appears that they are distancing themselves from the Pastebin claim of stealing Census data (shown below).
So whilst this extinguishes some flames, undoubtedly there will be people who are still concerned about the safety of Census data and information online. A hoax, as stated in my comments below, can be almost as damaging as a confirmed story – particularly when it relates to a subject that is as emotive and current as online privacy. Lockheed will no doubt be happier for this denial and hopefully this will be the last we hear about it.