Database Security

Buffer, a social media scheduling service, found itself on the receiving end of a data breach back in October. The culprit behind the breach was the company’s database provider. The breach resulted in the exposure of user account credentials that led to spam posts on user social media sites.

This breach really highlights a couple of key things that service providers and their 3rd party vendors need to be aware of. First, a service provider that leverages 3rd parties for other services really needs to ensure that those parties follow the same, if not better, security practices, both for overall business continuity and to avoid embarrassing breaches such as this.

But more importantly, securing the database containing user information is critical. It should be encrypted. There are two ways to secure a database, and specifically things like passwords. The first is to encrypt the passwords stored in the database. If the passwords in the database are encrypted with AES 256-bit encryption, it is close to impossible for a hacker to gain access to the information.

Cracking AES 256-bit encryption is no small task. There’s a great table in the EE Times that demonstrates the complexity of AES encryption and how long it would take to crack. When looking at the chart in the article, you can see it would take billions or trillions of years to crack AES 256-bit encryption.

The other option, preferred by those with deep security roots, is to not store the passwords at all, ever. Instead, only a cryptographic hash of each password should be stored. A strong one-way hash will ensure that there’s really no way for a hacker to figure out what those user passwords are.

Following one of these practices is the most effective way to ensure that customers have less to worry about regarding the security of their database. Had Buffer’s 3rd party database provider done the same, this breach could have potentially been avoided.
