Ubisoft Urges Customers To Change Password After Security Breach


Joshua Corman, director of security intelligence at Akamai Technologies, a Cambridge, Mass., Internet content delivery network company, believes salting and hashing should be a requirement for most businesses because it is a security best practice. But, even hashing and salting isn't a silver bullet, Corman said.

"Given compute powers, these methods aren't fool proof, and the consumer can only do so much to limit their exposure," Corman said.

Having a strong password as well as a different password for various accounts help boost security, but Corman advises people consider using different email addresses for more sensitive accounts, such as those at banks and other financial firms.

"It's often intelligent to use different email addresses for different levels of sensitivity of accounts," said Corman. "While you cannot control the operational security password, as you give your email and password, you can control what you can give to [companies] in the first place."

In addition to better password protections, Ubisoft and other businesses need to take measures to better protect Web applications and monitor Internet-facing systems to detect suspicious activity, Palo Alto Networks' Williamson said.

"The only thing that will be preventative is better security on the front end," said Williamson. "Ubisoft was hacked through their public sites, and there was some vulnerability in one of their Internet-facing sites."

Breaches are inevitable, Corman said, adding that businesses need to use security incidents to advocate for stronger security measures.

"These kinds of failures are fairly common, and it's better to treat these as catalysts to improve on the supplier and end-user side instead of looking to block or shame the company," said Corman. "Everybody can have operational security failures but it's better to treat them as a chance and nudge to make improvements."

PUBLISHED JULY 8, 2013