Disasters Waiting to Happen With Your Personal Data

These companies are each taking a large risk with your data.

May 13, 2014 at 7:45PM

Internet security requires both users and websites to follow safe practices. Consumers should use multiple passwords across websites, while companies should do their best to guard users' data. However, it is particularly bad when companies follow substandard practices as they have the potential to expose the data of millions of users all at once. Besides weakening Internet security for everyone, this laxity can have major consequences for companies like bad PR, fines, and much more. Read on for a history of password security failures and a list of four companies that are currently putting your data and themselves at risk.

Password security
Consumers often fall short on holding up their end of the bargain when it comes to Internet security. Microsoft Research conducted a comprehensive study of people's password habits in 2007. The company found that people had on average 25 online accounts but just 6.5 passwords. This is bad, because one leaked or stolen password could grant someone access to several accounts.

Many companies use weak encryption to safeguard consumer passwords. Recent examples include Adobe, which had 150 million passwords leaked in 2013, and LinkedIn, which had 6.5 million passwords leaked in 2012. Adobe's password list was encrypted, but its reversible encryption allowed hackers to reverse-engineer users' passwords. Each time a new list is leaked, password-crackers get stronger, as they can first run these old lists against account management systems.As people frequently use the same passwords across multiple sites, many passwords will easily be broken with these lists.

It gets worse
The worst thing a company can do is store passwords in plaintext, i.e. unencrypted. Last year, Cupid Media had 42 million plaintext passwords leaked, while Rockyou had 32 million leaked in 2009. Besides fines from the Federal Trade Commission and other expenses dealing with the fallout, the biggest risk for companies is the loss of consumers' trust and the terrible PR that comes with a data leak.

It blows my mind when I come across companies that store passwords in plaintext or an easily reversible format. The following four companies all store passwords weakly, putting your data at risk. If these companies were storing your passwords safely, they would not be able to email your password.

1. Marriott International (NASDAQ:MAR)

G

2. Royal Caribbean Cruises (NYSE:RCL)

G

3. The NFL's NFLShop.com

G

4. 1-800-Flowers (NASDAQ:FLWS)

G

Modern best practices for password encryption call for the use of unique-to-the-password, one-way mathematical functions to store passwords as what's called "hashes." Using one-way mathematical functions means you can calculate the hash from the password, but you cannot figure out the password if you only have the hash. As such, companies never store your actual password; they simply run it through the formula and see whether its output matches up with the hash. Password encryption gets more complicated than this with another process called "salting" and the use of key derivative functions to vary the length of the hash functions. In any case, however, companies should never be able to tell you your password

These companies are taking the risk that hackers will have easy access to users' password data if they ever experience a database breach. Like motorists who drive without seatbelts because they're "good" drivers, these companies are putting themselves and others at risk in the event of an accident.

Accidents do happen; just look at how Target (NYSE:TGT) was breached by hackers using stolen credentials from one of the company's refrigeration contractors. The immediate cost of the breach was $61 million dollars -- fairly small for a company of Target's size. But the loss of consumer confidence was immediate: The number of transactions dropped 5.5% in the fourth quarter compared to the year before. The company summarized the situation it is facing in its most recent annual report:

Until the fourth quarter of 2013, all incidents we experienced were insignificant. The Data Breach we experienced was significant and went undetected for several weeks. We experienced weaker than expected U.S. Segment sales immediately following the announcement of the Data Breach, and we are currently facing more than 80 civil lawsuits filed on behalf of guests, payment card issuing banks and shareholders. In addition, state and federal agencies, including State Attorneys General, the Federal Trade Commission and the SEC, are investigating events related to the Data Breach, including how it occurred, its consequences and our responses. Those claims and investigations may have an adverse effect on how we operate our business and our results of operations.

It will be years before the full cost of the breach to Target will be known -- if it ever is. While you can't always ensure that companies will do their part to protect your data, there are some simple ways to boost your Internet security.

Nine simple tips to boost your data security

  1. Use long passwords. There are simple ways to create and remember longer passwords.
  2. Don't reuse the same password across multiple websites.
  3. Use two-step authentication wherever possible.
  4. Choose obscure answers to your password retrieval questions.
  5. Use antivirus software and set it to update automatically.
  6. Set all software you use to update automatically.
  7. Use BillGuard to monitor your credit card. BillGuard is a free monitor for your credit and debit cards. It uses crowdsourced data to create the most advanced fraud-monitoring system, which it sells to credit card companies.
  8. If you receive a suspicious email, do not open it, particularly if it has attachments.
  9. If you receive a suspicious email from someone you know, especially if it has attachments or links that seem suspicious, call (do not email) the person to confirm he or she sent it.

Foolish takeaway
The companies noted in this article are taking risks with users' data due to their weak protection of passwords. Don't reuse passwords across sites, especially the ones above.

Your credit card may soon be completely worthless
As data security becomes more important, especially after Target's credit card data breach, the plastic in your wallet is about to go the way of the typewriter, the VCR, and the 8-track tape player. When it does, a handful of investors could stand to get very rich. You can join them -- but you must act now. An eye-opening new presentation reveals the full story on why your credit card is about to be worthless -- and highlights one little-known company sitting at the epicenter of an earth-shaking movement that could hand early investors the kind of profits we haven't seen since the dot-com days. Click here to watch this stunning video.

Dan Dzombak can be found on Twitter @DanDzombak or on his Facebook page, DanDzombak. He has no position in any stocks mentioned. The Motley Fool has no position in any of the stocks mentioned. Try any of our Foolish newsletter services free for 30 days. We Fools may not all hold the same opinions, but we all believe that considering a diverse range of insights makes us better investors. The Motley Fool has a disclosure policy.

1 Key Step to Get Rich

Our mission at The Motley Fool is to help the world invest better. Whether that’s helping people overcome their fear of stocks all the way to offering clear and successful guidance on complicated-sounding options trades, we can help.

Feb 1, 2016 at 4:54PM

To be perfectly clear, this is not a get-rich action that my Foolish colleagues and I came up with. But we wouldn't argue with the approach.

A 2015 Business Insider article titled, "11 websites to bookmark if you want to get rich" rated The Motley Fool as the #1 place online to get smarter about investing.

"The Motley Fool aims to build a strong investment community, which it does by providing a variety of resources: the website, books, a newspaper column, a radio [show], and [newsletters]," wrote (the clearly insightful and talented) money reporter Kathleen Elkins. "This site has something for every type of investor, from basic lessons for beginners to investing commentary on mutual funds, stock sectors, and value for the more advanced."

Our mission at The Motley Fool is to help the world invest better, so it's nice to receive that kind of recognition. It lets us know we're doing our job.

Whether that's helping the entirely uninitiated overcome their fear of stocks all the way to offering clear and successful guidance on complicated-sounding options trades, we want to provide our readers with a boost to the next step on their journey to financial independence.

Articles and beyond

As Business Insider wrote, there are a number of resources available from the Fool for investors of all levels and styles.

In addition to the dozens of free articles we publish every day on our website, I want to highlight two must-see spots in your tour of fool.com.

For the beginning investor

Investing can seem like a Big Deal to those who have yet to buy their first stock. Many investment professionals try to infuse the conversation with jargon in order to deter individual investors from tackling it on their own (and to justify their often sky-high fees).

But the individual investor can beat the market. The real secret to investing is that it doesn't take tons of money, endless hours, or super-secret formulas that only experts possess.

That's why we created a best-selling guide that walks investors-to-be through everything they need to know to get started. And because we're so dedicated to our mission, we've made that available for free.

If you're just starting out (or want to help out someone who is), go to www.fool.com/beginners, drop in your email address, and you'll be able to instantly access the quick-read guide ... for free.

For the listener

Whether it's on the stationary exercise bike or during my daily commute, I spend a lot of time going nowhere. But I've found a way to make that time benefit me.

The Motley Fool offers five podcasts that I refer to as "binge-worthy financial information."

Motley Fool Money features a team of our analysts discussing the week's top business and investing stories, interviews, and an inside look at the stocks on our radar. It's also featured on several dozen radio stations across the country.

The hosts of Motley Fool Answers challenge the conventional wisdom on life's biggest financial issues to reveal what you really need to know to make smart money moves.

David Gardner, co-founder of The Motley Fool, is among the most respected and trusted sources on investing. And he's the host of Rule Breaker Investing, in which he shares his insights into today's most innovative and disruptive companies ... and how to profit from them.

Market Foolery is our daily look at stocks in the news, as well as the top business and investing stories.

And Industry Focus offers a deeper dive into a specific industry and the stories making headlines. Healthcare, technology, energy, consumer goods, and other industries take turns in the spotlight.

They're all informative, entertaining, and eminently listenable ... and I don't say that simply because the hosts all sit within a Nerf-gun shot of my desk. Rule Breaker Investing and Answers contain timeless advice, so you might want to go back to the beginning with those. The other three take their cues from the market, so you'll want to listen to the most recent first. All are available at www.fool.com/podcasts.

But wait, there's more

The book and the podcasts – both free ... both awesome – also come with an ongoing benefit. If you download the book, or if you enter your email address in the magical box at the podcasts page, you'll get ongoing market coverage sent straight to your inbox.

Investor Insights is valuable and enjoyable coverage of everything from macroeconomic events to investing strategies to our analyst's travels around the world to find the next big thing. Also free.

Get the book. Listen to a podcast. Sign up for Investor Insights. I'm not saying that any of those things will make you rich ... but Business Insider seems to think so.


Compare Brokers