To most people the phrase ‘Data security’ is boring and irrelevant to them.
Expect over the next few years to see this being pushed higher up the marketing agendas of web sites that users register their details with.
You can already buy login details to 50,000 iTunes accounts to buy music, videos or book on these users’ accounts:
For merely 200 yuan ($30) a pop, an Internet user in China can purchase up to $200 worth of digital products at Apple Inc’s vast music, movie and applications vault.
Far from being a benevolent offer by the fruit-favoring giant, this offer is the result of the theft of iTunes user account details stollen by hackers who then auctioned them online.
The Global Times discovered Wednesday that about 50,000 illegal accounts are being sold at taobao.com, China’s largest online store, at prices ranging from 1 yuan to 200 yuan.
I predict that within the next 2 years similar lists will be available for the major social networking sites as well. These credentials don’t enable users to do a great deal at the moment, however as soon as a currency is available within the networks, these account details will become highly valuable.
The social networks need to start planning security measures quickly. Security teams need to review processes and procedures quickly.
As users, if the website ‘loses’ login data, there’s nothing that can be done. If users set long, complicated passwords it won’t work. Regularly changing a password will only help if you change your password quicker than a list has been resold.
As a developer it’s one thing being agile in a garage environment, it’s another thing when you are responsible for millions of user accounts.