Science News

... from universities, journals, and other research organizations

Zappos Breach Goes Beyond Credit Cards: Consumers Face Identity Theft If Hackers Correlate Other Penetrated Databases

Jan. 18, 2012 — Stephen B. Wicker, Cornell professor of Electrical and Computer Engineering at Cornell University, comments on the Zappos web site breach by hackers.

Share This:

Wicker conducts research in wireless information networks. He focuses on networking technology, law, and sociology, and how regulation can affect the privacy and speech rights. He is the author of the book "Cellular Convergence and the Death of Privacy," to be published by Oxford University Press at the end of 2012.

He says: "Though Zappos has not stated how security was breached, this event is a reminder that security is not a fix or an overlay, it is an ongoing process that must be intrinsic to the design and maintenance of an Internet presence.

"Zappos said that credit card information was not stolen, but acknowledged that email addresses, billing and shipping addresses, phone numbers, and the last four digits from credit cards may have been compromised. This is a lopsided outcome for the customer.

"The bigger problem Zappos faces is that large databases of consumer information can be used for identity theft. As Zappos acknowledged, users who use the same or similar passwords are at risk of theft through access to other sites such as Amazon or Ebay.

"More generally, information about a customer can be used to 'de-anonymize' other databases on other Web sites, further invading customer privacy. Correlation attacks enabled by such data have been shown to strip anonymity from NetFlix, AOL and other databases that were assumed safe. Thus, the information used can include customer preferences, beliefs and practices that are far harder to change than a credit card number.

"Zappos' response is admirable for its forthrightness and immediacy, but this is a reminder of the risk run when online service providers maintain databases of user data. This is a practice that many, many web site and service providers engage in for convenience and, in some cases, for profit. This is a practice that a networked society cannot afford for the long term if individual privacy is to be preserved."

Share this story on Facebook, Twitter, and Google:

Other social bookmarking and sharing tools:

|

Story Source:

The above story is reprinted from materials provided by Cornell University, via Newswise.

Note: Materials may be edited for content and length. For further information, please contact the source cited above.

APA

MLA

Note: If no author is given, the source is cited instead.

Search ScienceDaily

Number of stories in archives: 137,088
Find with keyword(s):
 
Enter a keyword or phrase to search ScienceDaily's archives for related news topics,
the latest news stories, reference articles, science videos, images, and books.

Recommend ScienceDaily on Facebook, Twitter, and Google:

Other social bookmarking and sharing services:

|

 
  more breaking science news

Social Networks

Recommend ScienceDaily on Facebook, Twitter, and Google +1:

Other social bookmarking and sharing tools:

|

Breaking News

... from NewsDaily.com

In Other News ...

Science Video News

Protect Yourself From Computer Hackers

Computer scientists observe that the people most at risk for the loss of private information and other computer problems are those who create easily. ...  > full story

Strange Science News

 

Free Subscriptions

... from ScienceDaily
Get the latest science news with our free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Feedback

... we want to hear from you!
Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Post this page to your favorite social bookmarking site:
Include this item in your blog or web site:
Cite this article in your essay, paper, or report:
Email this page's link to a friend or colleague: