Hold Security of Milwaukee, Wisconsin, which broke the story on how a Russian gang is sitting on top of over one billion stolen usernames and passwords, has come up with what seems to be an ironclad get-rich-quick scheme.
The ‘large-hearted’ company has said it wants to help users, but… there is always a but… there is no such thing as a free lunch. After discovering the breach and scoring a high-profile story in The New York Times, the security firm is now demanding a fee from users who want to know if they are affected. This means users will have to shell out $120 simply to know if they are a victim.
A report by Graham Cluley also notes how the breaking news was ‘perfectly timely’, with the security conferences going on in Las Vegas right now. “There was an alarming lack of information supplied by Hold Security in its official statement about the discovery and something just didn’t feel right,” adds the report.
The official statement from the security firm clearly states that ‘it could not name sites that had been breached because of non-disclosure agreements.’ However, it now seems that Hold Security is using all the data it received to make a lot of money. For $120/year with a two-week money-back guarantee, it now promises to alert you if your site is affected by the data breach.
“It’s certainly in the interest of any security firm to portray the state of cybersecurity as dire to make their wares more appealing, and that’s something any reader should keep in mind when reading quotes from a security professional. But this is a pretty direct link between a panic and a pay-out for a security firm,” reports Forbes.
Hold Security wants users to sign up for its “Consumer Hold Identity Protection Service” (CHIPS), a subscription service. And yes, if you sign up right away you’ll get 30 days of protection for free. You need to provide your email address to Hold Security and it will provide you with encrypted versions of your password and let you know which password has been compromised.
However, the report further calls its approach quite ‘idiotic’. “What if the computer the user is typing on has keylogging malware in the background – isn’t it going to be trivial for malicious hackers to scoop up the victim’s most sensitive passwords as they are entered on this web form? Or what about the possibility of bad guys creating phoney versions of this webpage, specifically with the intention of nabbing users’ passwords?” the report adds.
While we can’t do anything about a website being hacked, it is important that we keep changing our passwords and avoid common and easy-to-crack passwords. You can also take a look at 7 steps to make passwords stronger and more secure.
Posted by : Gizmeon