Eurostar accounts hit by hack attack

It has been reported that Eurostar accounts have been hit by hackers. The rail service had to reset its customers’ login passwords after detecting attempts to break into an unspecified number of accounts. Eurostar have not said whether any of the attacks were successful but did say that payment details were not affected.

Below is a comment from Dr Guy Bunker, SVP of Products at data security company Clearswift, on the news that Eurostar had to block access to its website because of the hack that took place between 15th and 19th October.

Dr Guy Bunker, SVP of Products, Clearswift, comments on the Eurostar hack attack:

“With the commercialisation of cyber-attacks, the opportunity for more cyber-criminals to attack more sites increases. This is what we see at present as the latest attacks are going after the next set of organisations which hold critical data. We know any organisation is a potential target and this proves the case. On the plus side, Eurostar obviously have a number of security controls in place, including the obvious one of looking for failed login attempts. These days gathering the intelligence from systems and applications around ‘security events’ is not difficult, however, often interpreting them and carrying out an action in a timely manner is an issue – not in this case.

Whenever there is a new set of usernames / passwords leaked on the dark web there is often a sudden increase in brute force attacks such as this – trying the username / password which has been exposed against other websites. If this can be ‘zippered’ (correlated) to another set of leaked data, then there is a good opportunity for a cyber-attacker to breach a system. Of course, a failed attempt is easier to recognise than a successful first attempt by an attacker – the challenge then becomes whether this was the attacker or the actual person. In this case correlating the times of both failed and successful attempts is required.

Good security relies upon multiple factors, and for individuals who use services like Eurostar there is a need to ensure they have unique passwords, such that if one site is compromised, then others won’t follow as a matter of course. Eurostar, as with many others, use the user’s email as the username – meaning that it can be readily guessed, but also will be used on other sites. Having different usernames for different sites along with different passwords can be seen as inconvenient, but when it comes to safeguarding your personal information it is undoubtedly worthwhile.”
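The time correlation of failed and successful logins mentioned in the comment can be sketched as detection logic. This is an added example, not code from Eurostar or Clearswift; the log format, the 10-minute window, the three-account threshold and all sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: timestamp, source IP, username, outcome.
# Addresses are documentation ranges; none of this is real Eurostar data.
SAMPLE_LOG = """\
2024-01-15T09:00:01 203.0.113.7 alice@example.com FAIL
2024-01-15T09:00:03 203.0.113.7 bob@example.com FAIL
2024-01-15T09:00:05 203.0.113.7 carol@example.com FAIL
2024-01-15T09:00:07 203.0.113.7 dave@example.com OK
2024-01-15T09:05:00 198.51.100.4 erin@example.com FAIL
2024-01-15T09:05:20 198.51.100.4 erin@example.com OK
2024-01-15T11:30:00 203.0.113.7 frank@example.com OK
"""

def parse(log):
    """Turn whitespace-separated log lines into time-sorted event tuples."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, user, outcome = line.split()
        events.append((datetime.fromisoformat(ts), src, user, outcome))
    return sorted(events)

def suspect_successes(events, window=timedelta(minutes=10), min_users=3):
    """Flag successful logins that sit within `window` of failures against
    at least `min_users` OTHER accounts from the same source address."""
    failures = defaultdict(list)  # source -> [(time, username)]
    for ts, src, user, outcome in events:
        if outcome == "FAIL":
            failures[src].append((ts, user))
    flagged = []
    for ts, src, user, outcome in events:
        if outcome != "OK":
            continue
        # Accounts this source failed against close in time to the success.
        nearby = {u for t, u in failures[src] if abs(ts - t) <= window}
        # A user mistyping their own password is excluded from the count.
        if len(nearby - {user}) >= min_users:
            flagged.append((ts.isoformat(), src, user))
    return flagged

if __name__ == "__main__":
    for hit in suspect_successes(parse(SAMPLE_LOG)):
        print("review and reset:", hit)
```

Only the success that lands inside the burst of failures against other accounts is flagged; the single mistyped password followed by a success is not, nor is the later login from the same address that falls outside the window.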


Article Link: http://digitalforensicsmagazine.com/blogs/?p=2555