What should those affected by Collection #1-5 do?
Those who suspect they have fallen victim to hacks such as Collection #1-5 can check this online: both the German webpage from Hasso Plattner Institute and Troy Hunt’s website offer this service. People whose e-mail address is among those in the hack should change their passwords immediately – not just for their e-mail but for every online service they are registered for. In some cases, it is advisable to create a new e-mail account in order to avoid spam. This is not trivial to do, but it is worthwhile.
Would this have happened with Cryptshare?
Unlike your e-mail accounts, Cryptshare cannot be attacked centrally. An e-mail address serves to verify the sender and to facilitate communication with the respective recipient. As a solution for the secure and easy exchange of data, Cryptshare does not use e-mail accounts. Therefore, there is no risk of anyone getting into an e-mail account that contains all information in a consolidated and readable form simply by knowing the e-mail address and hacking the password. The e-mail address is merely used to determine if a transfer can be executed in accordance with the existing licenses. With Cryptshare, every single transfer is individually encrypted and can be secured with a password.
Since the password is not shared with the recipient via e-mail, but by another channel (for instance, over the phone or via SMS) – as is suggested as a general good principle – the password is only known to this intended recipient. Even if, in a worst-case scenario, a hacker did gain access to the Cryptshare server, all transfers stored on it would be encrypted individually, without their respective passwords.
QUICK Technology with Cryptshare, which will be launched in the spring, will revolutionise easy and secure password management: once it is activated, QUICK Technology encrypts all communication between two partners without them having to manually exchange passwords ever again. All of the encryption and decryption is run securely in the background; after initial activation, users can communicate via e-mail worry-free. This way, QUICK Technology eliminates the most common of human errors in password management, a key factor in avoiding security breaches.
What conclusions should be drawn from Collection #1-5?
Events such as Collection #1-5 are bound to occur again. For one thing, it is possible for bad actors to process ever larger amounts of data. Also, data is often not deleted but saved, even if it is no longer actively used. The concept of an e-mail account and a respective password that grants access to all data and correspondence should be reconsidered. The past has shown all too often how vulnerable this approach is, and how easily regular e-mail and its contents can be abused in order to gain valuable information for illegal purposes. Today it is even more important for users to rethink their behaviour when it comes to e-mail security and the use of passwords. A few simple steps can make a truly meaningful contribution to effectively protecting yourself from such security breaches and their consequences.