Recently, hundreds of highly sensitive documents belonging to Twitter were leaked out (see http://www.techcrunch.com/2009/07/14/in-our-inbox-hundreds-of-confidential-twitter-documents/). It seems someone hacked into Google Docs, where these documents had been stored, by conducting some sort of a simple dictionary attack on the Google account password.
A few obvious conclusions:
1. Use STRONG passwords, and definitely not a word or combination of words you can find in the dictionary.
2. Use a service that is more secure than Google Docs when storing highly sensitive information in the cloud (or don't store anything in the cloud at all...).
3. Consider using additional encryption (such as PDF protection or WinZip encryption) or use document control tools. A single password used for your account is not sufficient.
No comments:
Post a Comment