August 15th, 2011
South Korean web users have been left reeling again just weeks after one of the biggest data breaches in the country’s history, after hackers attacked streaming service GOMTV.net and compromised details including names, email addresses and passwords.
A post on the site on Sunday revealed that attackers had breached the site early on Saturday morning local time, but fortunately GOMTV uses PayPal to process payments so no credit card details were stolen.
“We strongly encourage you to change your GOMTV.net password and if you have been using the same password for other web sites, we suggest changing the passwords for those sites as well,” noted the statement.
“As soon as we discovered the sign of intrusion we conducted a complete investigation into the incident and have also taken steps to enhance security and strengthen our network system in order to provide you with better protection of your personal information.”
Paul Ducklin, head of technology for Sophos Asia Pacific, welcomed GOMTV’s relatively quick notification of customers, but questioned the firm’s password retention policy.
“It sounds as though [parent company] Gretech was storing passwords in a directly recoverable form on its web servers. As we’ve said many times before on Naked Security, this is almost always unnecessary for online authentication,” he said in a blog post.
“You don’t need to save a user’s password permanently to be able to validate it later. Instead, you calculate and store a complex cryptographic hash of the password. If a user can subsequently provide a password which produces the same hash, you have satisifed yourself they know the password they chose originally. You need to have the password very briefly in memory, but you never need to store it.”
Ducklin also criticised the firm for placing a large button on the breach notification emails sent to customers designed to make it easier for them to change their password, as it could be exploited in the future by scammers.
“Fake warnings which urge users to click on links in the email they’ve just received are the hallmark of scammers and phishers,” he said.
“Avoid doing the same thing in your own alerts: this discourages users from entering confidential data on web pages they have reached via uncertain links embedded in emails.”
At the end of July, South Korea suffered potentially its largest ever data breach after an attack on the Nate online portal and Cyworld social network exposed up to 35 million users’ details.
15 Aug 2011