June 4, 2012

Biggest Privacy Faux Pas of 2011


Though it’s impossible to account for all the data security breaches that happen, according to the Privacy Rights Clearinghouse, about 30 million records were compromised in 2011 in 535 separate breaches in the United States. Furthermore, those numbers reflect only the breaches reported; many more go unknown or unreported. Often, hackers are the culprits. However, a significant portion of the breaches come from inside the organization, where an employee or agent with access to the data is at fault.

Unlike SpiderOak, some companies and services don’t encrypt information inside databases. This was the case with Sony. The Sony breach alone accounted for nearly 80 million records! Other breaches occurred because someone left a server wide open, leaving very sensitive or personal information accessible on the Internet. This was the case with the Texas Comptroller, when 3.5 million people’s names, addresses, and social security information were open to the public. Some breaches were caused by carelessness, when backup tapes or laptops were stolen after being left in cars. This was the case with the Department of Veterans Affairs, when 26.5 million veterans were exposed by an employee who took an unauthorized computer home.

Of course, how could we forget the giant Dropbox breach? The company confessed that a bug in the service’s authentication software made passwords optional for a period of four hours. This allowed anyone to log into a user’s account simply by entering their user name. An estimated 25 million users’ accounts were compromised, triggering a class action lawsuit.

As a company with a core focus on privacy and security, we know how important it is to safeguard your privacy and maintain internet safety standards. That is why we are happy to emphasize our Zero-Knowledge policy, which gives only our users the ability to access their data. In addition, we are looking to certify other companies in the future that also adopt this approach. Stay tuned!

  1. There was recently a post on the SpiderOak forum asking about a possible vulnerability with the bundled version of Python in SpiderOak. That post seems to have disappeared… Why is that?

  2. Hello,

    Sorry to hear you are not able to find that post. Perhaps it was moved to another section such as our troubleshooting. Do you remember the question specifically? I'd be more than happy to answer any questions you have.

  3. I'd say the most embarrassing failure of 2011 was how stratfor.com, a private intelligence provider with clients among government, military and top Forbes private companies and individuals, was hacked and revealed to be storing in plain text not only credit card numbers and information, but also confidential emails with clients and secret sources, passwords, not to mention server backups on the same physical machine. That was the most amateurish.