Reports that a major data breach at Network Solutions potentially impacting more than 570,000 cardholders around the world is almost certainly the result of cloud computing making such network hacks highly attractive, says Imperva, the data security specialist.
"Although the data breach appears to have been discovered in early June, here we in late July - six weeks later - reading about a breach affecting more than half a million cardholders, around half of the Internet service company's customer base," said Amichai Shulman, Imperva's chief technology officer.
"As the dust settles on this major data breach - which appears to be right up there alongside the Heartland Security card data breach of the start of the year - heads will undoubtedly roll," he added.
But, says the Imperva CTO, the basic problem is that the rise of cloud computing - with many more companies now hosting their data on the Internet - makes such databases and the servers they are hosted on, phenomenally attractive. The attackers here aimed on the big prize -- the servers. Instead of dealing with a site here and there, once they broke into the hosting servers and all the sites were open to them. The lesson: once you've penetrated the cloud, you've got an easy path to the important, underlying data.
According to Shulman, as the newswires report yet another major card database hack, it is interesting to note that Network Solutions says that malware planted on its servers appears to be at the heart of the data loss.
The data breach, he said, is notable for taking place over a lengthy period, begging the question: how come it took so long to discover the incursion?
"It is also worth noting that they actually knew of the breach on June 8 but took more than six weeks to reveal the problem to the media and customers. What have they - and the card services companies been doing in the interim?" he said.
"This case does not appear to have been handled well by the company and the delay in going public could prove expensive if, as seems likely, a class action lawsuit results from the data losses," he added.