In my secondary role as amateur myth-debunker, it’s my sad duty to tell you that it’s a complete myth that lightning never strikes twice. In my day-job as a blogger, I can also tell you that the same thing is true for your website – when it comes to cyber attacks, you can definitely fall victim more than once. While you may not be able to do much about lightning, the good news is that when it comes to your business, you can and you should. Case in point – adult dating and pornography company Friend Finder Networks has been attacked for the second time in as many years and it’s not just bad luck, it’s bad planning.
In May of last year Friend Finder Networks found itself the target of an attack, haemorrhaging about four million user details from its database. Eighteen months later it’s found itself at the business end of a second attack, which is potentially one of the largest data breaches ever recorded.
Monitoring firm Leaked Source found that the private details of more than 412m accounts from the company were leaked in the October attack, which makes the notorious attack on adultery site Ashley Madison, at a ‘mere’ 33 million compromised accounts, seem like small fry.
Friend Finder Networks vice president and senior counsel, Diana Ballou, told ZDNet: “FriendFinder has received a number of reports regarding potential security vulnerabilities from a variety of sources. While a number of these claims proved to be false extortion attempts, we did identify and fix a vulnerability that was related to the ability to access source code through an injection vulnerability.”
While it’s good that they’re fixing vulnerabilities, the word on the street from security analysts is that the company wasn’t properly encrypting its passwords, which shows the importance of not getting complacent.
If you’ve been hacked – which many businesses have, often without even realising it – it’s not the time to think that you’re done, that you can relax because the worst has happened. Data is a never-ending goldmine for attackers and they have an infinite number of reasons to perpetrate an attack; if anything, once they know you’re vulnerable they might be more likely to try their luck again.
So, whether you’ve never been hacked, or have already been struck once, now is the time to get testing and put long-term monitoring strategies in place. There’s no way to absolutely protect yourself from lightning striking twice and sadly the same goes for your cyber security, but you can certainly make yourself a harder target to hit.