Disclosure delayed because measures had been taken at the time of the breach

Jul 21, 2014 15:00 GMT

Australian website Catch of the Day, which specializes in providing its visitors with all sorts of money-saving deals, has recently notified its customers that its systems suffered a breach sometime before May 7, 2011.

There is no clear information on how this occurred, but it appears that the incident affected all customers with an account created before said date. They are now urged to change their passwords if the same password is still in use.

According to the website’s About page, on average, the service records a sale every second, 24 hours a day, seven days a week, and it advertises having over two million users. However, a more important piece of information would be the number of active accounts that existed around the time of the intrusion.

It appears that the incident caused the loss of customer details, like names, delivery addresses, email addresses and encrypted passwords, as well as some credit card information.

Although the notification came only last week, the incident was discovered when it occurred and law enforcement was alerted, along with credit card companies, which took the necessary measures to protect the users.

Some of the actions taken included cancelling compromised credit cards and initiating an investigation in order to identify the attackers.

The reason for not making the disclosure at that time was that all the precautions had been taken to protect visitors affected by the breach. Also, the passwords were not in plain text, and at that moment, the risk of the database being decrypted was not something to worry about.

However, the company thinks that current advancements in technology could give the attackers the necessary power to decrypt the protected information.

On the other hand, users who created an account after May 7, 2011, should have nothing to worry about, because the security of the website kept evolving, and security upgrades had been applied in order to keep the protection of user data at industry standards.

A sound piece of advice is for users to constantly change the passwords for web accounts so that, in the event of a breach, the intruders would have no use for the stolen data. This is particularly important in the case of accounts where sensitive information is stored, such as financial details.

Two researchers from Microsoft argue about the complexity of passwords and say that users could rely on an easy password only for accounts where few personal details are available.