In the News
Bugs, breaches, and hacks continue to occur at large scale companies with millions of customers. In T-Mobile bug let anyone see any customer’s account details, Zack Whittaker discusses a bug in T-Mobile’s website that allowed access to customer information including financial statements, home addresses, and access PINs. Whittaker elaborated by stating that all of this personal information was accessible by only using a customer’s phone number–no password necessary.
Our Take
An unfortunate truism in the security world is that good guys have to be lucky all the time, while bad guys only have to be lucky once. It is for this reason that defense-in-depth is such an important security concept: when someone doesn’t configure a system properly or a vulnerability is discovered, one layer of defense may be breached, but there should be another protection in place behind it to prevent the breach from having a substantial impact. Unfortunately, there are still many companies that rely on a single protective layer.
Recommendations
There isn’t much you can do to counter some types of mistakes or poor security practices at companies you do business with, but in general, try to:
- Keep track of news about breaches affecting companies with which you do business, and take care to change passwords, PINS, and security questions that may have been compromised
- Track your finances closely to catch suspicious activity