Cloud Security: You’re Only as Secure as Your Weakest Link



If you have been reading the news recently, you might have noticed the spate of high-profile security incidents that have occurred in just the last few weeks.

Evernote:
Only a few days ago Evernote stated “that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords.” This refers to access to the usernames and passwords of its 50 million users. As a result, they forced a password reset for all Evernote users. More details can be found here: http://blog.evernote.com/blog/2013/03/02/security-notice-service-wide-password-reset/

Twitter:
On the 1st of February, Twitter announced that they had detected unauthorised access to “usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users.” More details can be found here: http://blog.twitter.com/2013/02/keeping-our-users-secure.html

Facebook:
On the 16th of February, Facebook announced that a number of their employees had visited a mobile app developer’s site which installed malware on their computers. However, after a significant investigation, they stated: “We have found no evidence that Facebook user data was compromised.” More details can be found here: https://www.facebook.com/notes/facebook-security/protecting-people-on-facebook/10151249208250766

Zendesk:
Zendesk announced on the 21st of February that a hacker had accessed their system that week. They stated: “Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system. We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines.” Depending on the size of each of those 3 compromised customers, this could have been a small or large breach. More details can be found here: http://www.zendesk.com/blog/weve-been-hacked

Some lessons learned from these security incidents:

Security is only as secure as the weakest link:
It doesn’t matter how much security you have in one area; your overall security will only ever be as strong as the weakest link. For example, if you have secured your production web servers using firewalls, intrusion detection, etc., but only have basic security on the users managing your production environment, then those users are your weak link.

Never use the same password for multiple online services:
When security incidents like the above do happen, they leave your username, email, and password with the attackers, who can use these to try to access accounts you may have with other online services. If you keep the same password across all online services, you would need to reset your password quickly in such an event to ensure the hackers don’t access your data elsewhere. Best practice is to use a different password for every service; this way you keep any damage compartmentalised to a single service.
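To make the compartmentalisation point concrete, here is an added example (not part of the original post) that audits a password-manager export for reuse and lists which other accounts need a reset when one service is breached. The CSV layout, the service names and the function names are assumptions made for illustration, and the sample data is constructed.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export (service, username, password); not real accounts.
SAMPLE_VAULT = """service,username,password
notes-app,alice@example.com,Tr0ub4dor&3
microblog,alice,Tr0ub4dor&3
helpdesk,alice@example.com,correct-horse-battery
social,alice@example.com,Tr0ub4dor&3
bank,alice@example.com,x9!Lq2#vPz
"""

def load_vault(text):
    """Parse the CSV export (assumed column names) into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))

def reuse_groups(rows):
    """Group services by password; return only groups with more than one service."""
    groups = defaultdict(list)
    for row in rows:
        # Group on a digest so plaintext passwords are never used as keys or printed.
        digest = hashlib.sha256(row["password"].encode("utf-8")).hexdigest()
        groups[digest].append(row["service"])
    return [sorted(services) for services in groups.values() if len(services) > 1]

def blast_radius(rows, breached_service):
    """Services other than the breached one whose password must also be reset."""
    for group in reuse_groups(rows):
        if breached_service in group:
            return [s for s in group if s != breached_service]
    return []  # password was unique: damage stays within the breached service

if __name__ == "__main__":
    rows = load_vault(SAMPLE_VAULT)
    for group in reuse_groups(rows):
        print("shared password:", ", ".join(group))
    for service in ("notes-app", "bank"):
        others = blast_radius(rows, service)
        print(service, "breach also exposes:", ", ".join(others) or "nothing else")
```

With the sample data, a breach of the notes service forces resets on two other accounts, while a breach of the service with a unique password affects nothing else.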

Educate staff & users about best security practices:
If you are running an online service, make sure your staff & users are educated about best security practices. This includes any devices they may be using to access your corporate network or production environments. Security is only as strong as the weakest link, and that link may be a staff member or user of your service.

Attacks can come through social engineering, not just vulnerabilities:
This ties into educating your staff, as not all attacks are a direct result of a vulnerability or security hole. In many cases attacks can come through social engineering, or a combination of social engineering and an exploit. Social engineering is when people are manipulated into providing access or releasing confidential information. This could be through a simple email with fraudulent headers carrying an exploit payload, or through someone impersonating another person over the phone.

Any other lessons learned from these security incidents? Can anyone else tell us about another experience they have had?


