Yahoo’s digital publishing platform, Yahoo! Voices, was the latest major website to fell prey to a cyberattack. A group called ‘D33Ds Company’ stole over 450,000 usernames and passwords from the site (fortunately, less than 5% were still valid) and published the data on its webpage. Though no longer available on the D33Ds website, various sources report that the data is still circulating through torrents.
Following recent similar hacks of major social networking sites such as LinkedIn and eHarmony and Last.fm, Yahoo!’s woes remind us that the Internet still has serious safety concerns. The data taken from Yahoo! was–astonishingly–not encrypted. D33Ds pulled off their feat through a relatively simple technique known as a SQL Injection, a well-known method of attacking a database, and one that is relatively easy to combat.
D33Ds described their attack “as a wake-up call and not as a threat.” If nothing else, they’ve woken up Yahoo!. In response to this embarrassment, Yahoo! is not going to leave unencrypted data lying around any time soon. And generally, it’s clear that social networking sites have a strong incentive to self-regulate when it comes to data security and will respond swiftly to breaches.
But maybe the incentive isn’t strong enough. Building a better mousetrap can be costly, many sites can bank on users staying despite breaches because those sites lack competition (where would dissatisfied LinkedIn users go?), and users have little way of knowing how secure a site is until it’s too late.
This newest installment in the seemingly never-ending saga of security breaches might start a push for more serious data security laws for the gargantuan tangle of social networks. It’s certainly feasible. Financial institutions have to follow strict data security procedures under the Gramm-Leach-Bliley Act. The National Institute for Standards and Technology sets security standards for non-classified government information. Some Senators have been asking for tighter social networking security regulations as early as 2010. Do the breaches of Yahoo, LinkedIn, eHarmony, and Last.fm mean that it’s time to start thinking more seriously about federal regulation of social networking data security?